Koozali.org: home of the SME Server

Security - root access

Offline lucho115

  • *****
  • 209
  • +0/-0
    • http://www.elac.com.ar
Security - root access
« on: September 04, 2006, 09:42:32 PM »
My sme 7 is been acceding by somebody i think, because in the logs appear:

Sep  4 16:30:01 dc1 crond(pam_unix)[3795]: session opened for user root by (uid=0)
Sep  4 16:30:02 dc1 crond(pam_unix)[3795]: session closed for user root
Sep  4 16:35:01 dc1 crond(pam_unix)[3799]: session opened for user root by (uid=0)
Sep  4 16:35:01 dc1 crond(pam_unix)[3799]: session closed for user root

Each 5 minutes, am i wrong or have i a root kit or something?

waiting for help¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡¡

thks

Offline JonB

  • *
  • 351
  • +0/-0
Security - root access
« Reply #1 on: September 04, 2006, 11:55:29 PM »
Check your cron logs. You will probably see this every 5 minutes

crond[9004]: (root) CMD (/bin/nice /sbin/e-smith/awstats-pp -s -n)

You have the awstats contrib installed which updates every 5 minutes.

Jon
...

Offline chris burnat

  • *****
  • 1,135
  • +2/-0
    • http://www.burnat.com
Security - root access
« Reply #2 on: September 05, 2006, 12:50:53 AM »
Have you updated your server recently?  I have found that updating vixie-cron (included in the upgrade process) solves this problem.  Same for entries associated with cron activities and sme7admin contrib. (edited to correct spelling...)
- chris
If it does not work out of the box, please fill in a Bug Report @ Bugzilla (http://bugs.contribs.org)  - check: http://wiki.contribs.org/Bugzilla_Help .  Thanks.

Offline lucho115

  • *****
  • 209
  • +0/-0
    • http://www.elac.com.ar
Security - root access
« Reply #3 on: September 05, 2006, 04:56:34 PM »
ok,  update the system anf it works ok, and the cron job was the horde kronolit that use root to run the reminder script
tnks to allbody.
bye