Koozali.org: home of the SME Server

Obsolete Releases => SME Server 7.x => Topic started by: lucho115 on September 04, 2006, 09:42:32 PM

Title: Security - root access
Post by: lucho115 on September 04, 2006, 09:42:32 PM
My SME 7 is being accessed by somebody, I think, because in the logs appear:

Sep  4 16:30:01 dc1 crond(pam_unix)[3795]: session opened for user root by (uid=0)
Sep  4 16:30:02 dc1 crond(pam_unix)[3795]: session closed for user root
Sep  4 16:35:01 dc1 crond(pam_unix)[3799]: session opened for user root by (uid=0)
Sep  4 16:35:01 dc1 crond(pam_unix)[3799]: session closed for user root

Every 5 minutes. Am I wrong, or do I have a rootkit or something?

Waiting for help!

Thanks
Title: Security - root access
Post by: JonB on September 04, 2006, 11:55:29 PM
Check your cron logs. You will probably see this every 5 minutes

crond[9004]: (root) CMD (/bin/nice /sbin/e-smith/awstats-pp -s -n)

You have the awstats contrib installed which updates every 5 minutes.

Jon
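
The check suggested above, as an added example that is not part of the original thread: the script pairs each crond(pam_unix) "session opened" entry with the cron CMD entry logged for the same host and user within a couple of seconds, and leaves sessions with no matching job for manual review of the crontabs. The cron log lines, the 16:37:01 entry, the function names and the two-second window are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input. The first four SECURE lines are the entries quoted in the
# thread; the 16:37:01 entry and both CRON lines are constructed.
SECURE = """\
Sep  4 16:30:01 dc1 crond(pam_unix)[3795]: session opened for user root by (uid=0)
Sep  4 16:30:02 dc1 crond(pam_unix)[3795]: session closed for user root
Sep  4 16:35:01 dc1 crond(pam_unix)[3799]: session opened for user root by (uid=0)
Sep  4 16:35:01 dc1 crond(pam_unix)[3799]: session closed for user root
Sep  4 16:37:01 dc1 crond(pam_unix)[3803]: session opened for user root by (uid=0)
""".splitlines()
CRON = """\
Sep  4 16:30:01 dc1 crond[3795]: (root) CMD (/bin/nice /sbin/e-smith/awstats-pp -s -n)
Sep  4 16:35:01 dc1 crond[3799]: (root) CMD (/bin/nice /sbin/e-smith/awstats-pp -s -n)
""".splitlines()

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) ([^\[:]+)\[(\d+)\]: (.*)$")
OPENED = re.compile(r"session opened for user (\S+)")
CMD = re.compile(r"^\((\S+)\) CMD \((.*)\)$")

def parse(line, year=2006):
    """Split a syslog line; syslog omits the year, so it is supplied."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts, host, tag, pid, msg = m.groups()
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return when, host, tag, int(pid), msg

def explain_sessions(secure_lines, cron_lines, tolerance=2):
    """Return (time, pid, [commands]) for every cron-opened PAM session."""
    jobs = []
    for when, host, tag, _pid, msg in filter(None, map(parse, cron_lines)):
        m = CMD.match(msg)
        if tag == "crond" and m:
            jobs.append((when, host, m.group(1), m.group(2)))
    window = timedelta(seconds=tolerance)
    report = []
    for when, host, tag, pid, msg in filter(None, map(parse, secure_lines)):
        m = OPENED.search(msg)
        if tag != "crond(pam_unix)" or not m:
            continue  # only sessions that crond itself opened
        cmds = [c for t, h, u, c in jobs
                if h == host and u == m.group(1) and abs(t - when) <= window]
        report.append((when.strftime("%H:%M:%S"), pid, cmds))
    return report

if __name__ == "__main__":
    for when, pid, cmds in explain_sessions(SECURE, CRON):
        print(when, pid, cmds or "NO MATCHING CRON JOB - check crontabs")
```
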
Title: Security - root access
Post by: chris burnat on September 05, 2006, 12:50:53 AM
Have you updated your server recently?  I have found that updating vixie-cron (included in the upgrade process) solves this problem.  Same for entries associated with cron activities and sme7admin contrib. (edited to correct spelling...)
Title: Security - root access
Post by: lucho115 on September 05, 2006, 04:56:34 PM
OK, I updated the system and it works OK, and the cron job was the Horde Kronolith that uses root to run the reminder script.
Thanks to everybody.
Bye