Strange messages log entry
Stacey Roberts
stacey at vickiandstacey.com
Sat Jul 16 14:40:14 GMT 2005
Hello,
I've noted a strange entry in /var/log/messages on a machine here that I'm hoping someone might be able to shed some light on, please. Here is what I found:
su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534
There are two (2) entries at exactly 04:15 this morning, and they are the only two entries of this kind in /var/log/messages, and I can't think what it is that could be the origin of them.
The machine itself is only running rsync as the only really active service, and is behind a Cisco c-2514 running CBAC with STATIC (for this machine only) and DYNAMIC NAT, and there is another firewall in front of this Cisco for the whole local network.
The static NAT entry on the router is set up in order to construct an ACL entry that permits only one laptop to backup its files to the FreeBSD server via rsync. The laptop itself has not been powered up for over a week now and was not on at the time of the log entry.
Here's what's running on the server:
# sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root rsync 635 5 tcp4 *:873 *:*
root portsentry 499 0 udp4 *:1 *:*
root portsentry 499 1 udp4 *:7 *:*
root portsentry 499 2 udp4 *:9 *:*
root portsentry 499 3 udp4 *:69 *:*
root portsentry 499 4 udp4 *:161 *:*
root portsentry 499 5 udp4 *:162 *:*
root portsentry 499 6 udp4 *:513 *:*
root portsentry 499 7 udp4 *:635 *:*
root portsentry 499 8 udp4 *:640 *:*
root portsentry 499 9 udp4 *:641 *:*
root portsentry 499 10 udp4 *:700 *:*
root portsentry 499 11 udp4 *:37444 *:*
root portsentry 499 12 udp4 *:34555 *:*
root portsentry 499 13 udp4 *:31335 *:*
root portsentry 499 14 udp4 *:32770 *:*
root portsentry 499 15 udp4 *:32771 *:*
root portsentry 499 16 udp4 *:32772 *:*
root portsentry 499 17 udp4 *:32773 *:*
root portsentry 499 18 udp4 *:32774 *:*
root portsentry 499 19 udp4 *:31337 *:*
root portsentry 499 20 udp4 *:54321 *:*
root portsentry 497 0 tcp4 *:1 *:*
root portsentry 497 1 tcp4 *:11 *:*
root portsentry 497 2 tcp4 *:15 *:*
root portsentry 497 3 tcp4 *:79 *:*
root portsentry 497 4 tcp4 *:111 *:*
root portsentry 497 5 tcp4 *:119 *:*
root portsentry 497 6 tcp4 *:143 *:*
root portsentry 497 7 tcp4 *:540 *:*
root portsentry 497 8 tcp4 *:635 *:*
root portsentry 497 9 tcp4 *:1080 *:*
root portsentry 497 10 tcp4 *:1524 *:*
root portsentry 497 11 tcp4 *:2000 *:*
root portsentry 497 12 tcp4 *:5742 *:*
root portsentry 497 13 tcp4 *:6667 *:*
root portsentry 497 14 tcp4 *:12345 *:*
root portsentry 497 15 tcp4 *:12346 *:*
root portsentry 497 16 tcp4 *:20034 *:*
root portsentry 497 17 tcp4 *:27665 *:*
root portsentry 497 18 tcp4 *:31337 *:*
root portsentry 497 19 tcp4 *:32771 *:*
root portsentry 497 20 tcp4 *:32772 *:*
root portsentry 497 21 tcp4 *:32773 *:*
root portsentry 497 22 tcp4 *:32774 *:*
root portsentry 497 23 tcp4 *:40421 *:*
root portsentry 497 24 tcp4 *:49724 *:*
root portsentry 497 25 tcp4 *:54320 *:*
root sendmail 465 4 tcp4 127.0.0.1:25 *:*
root sshd 459 4 tcp4 *:22 *:*
#
SSHD access to the server is only available to one other machine in that Cisco-protected network that is not accessible from anywhere else on either the Cisco-protected network or any other networks, locally or externally.
If anyone is able to provide any hints as to where that entry might have come from, or any information as to what it literally means, I'd appreciate it greatly. If there are any other bits of information I can provide, then please let me know.
Thanks for the time.
Regards,
Stacey
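A triage helper for entries like the one quoted in the message above, as an added example that is not part of the original post: it groups `_secure_path` ownership warnings and resolves the logged uid against passwd-format data to show which account the program was acting for. The function names, log timestamps, host name and passwd line are constructed for illustration; that `.login_conf` in a home directory is the per-user login class file is taken from FreeBSD's login.conf(5).

```python
import posixpath
import re

# Constructed sample input (not from the original post): syslog lines in the
# shape of the quoted entry, and a passwd(5)-style line for uid 65534.
SAMPLE_LOG = """\
Jul 16 04:15:00 host su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534
Jul 16 04:15:00 host su: _secure_path: /nonexistent/.login_conf is not owned by uid 65534
Jul 16 04:20:11 host rsyncd[635]: rsync on backup from client.example
"""
SAMPLE_PASSWD = "nobody:*:65534:65534:Unprivileged user:/nonexistent:/usr/sbin/nologin\n"

ENTRY = re.compile(
    r"(?P<prog>\S+?)(?:\[\d+\])?: _secure_path: "
    r"(?P<path>\S+) is not owned by uid (?P<uid>\d+)"
)

def parse_passwd(text):
    """Map uid -> (login name, home directory) from passwd(5)-style lines."""
    accounts = {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        accounts.setdefault(int(fields[2]), (fields[0], fields[5]))
    return accounts

def triage(log_text, passwd_text):
    """Group ownership warnings and resolve each uid to an account."""
    accounts = parse_passwd(passwd_text)
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        uid = int(m["uid"])
        name, home = accounts.get(uid, (None, None))
        entry = findings.setdefault((m["prog"], m["path"], uid), {
            "program": m["prog"], "path": m["path"], "uid": uid,
            "account": name, "home": home, "count": 0,
            # True when the file sits directly in the account's home, i.e. the
            # program was reading that account's own per-user file.
            "in_home": home is not None
            and posixpath.dirname(m["path"]) == posixpath.normpath(home),
        })
        entry["count"] += 1
    return list(findings.values())

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, SAMPLE_PASSWD):
        print(finding)
```

On a real host, pass the contents of /var/log/messages and /etc/passwd; when the account is one that never logs in interactively, the cron and periodic jobs scheduled at the logged time are the first place to look for the `su` invocation.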