07-18-2008
check pass; user unknown
Hi all,
While watching the log at /var/log/messages on a Centos 4.x box I keep seeing this come up
Jul 18 09:38:40 ws096 PAM_pwdb[708]: check pass; user unknown
From what I understand this might be a ssh attack or am I wrong here?
The bad thing is that it does not show an IP address its coming so I could block it. Anybody run into this before and found a solution?
Thanks!
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
here is the picture:
a website on server1 & a "username" logged in that site.
The same username has a shell(nologin)/ftp/samba/mail(qmail) acount on server2.
i have s form on server1 that can pass the username & its NEW password to a sript that should change all passwords on server2.
the... (5 Replies)
Discussion started by: veskonedev
5 Replies
2. HP-UX
Hi all,
I know this issues has been discussed multiple times, i have gone through many such discussion but unfortunately i am still not able to solve the issue being faced.
I have configured the sendmail.cf with the smtp host name (Editing the entry starting with DS...)
Post that restarted... (7 Replies)
Discussion started by: chpsam
7 Replies
3. Web Development
I have a wordpress site that authenticates against a local ldap database for users to login. On the same server and domain I have subsonic installed that also authenticates against the same ldap database. The ldap database is firewalled front the outside wall and the internal LAN.
I would like... (3 Replies)
Discussion started by: barrydocks
3 Replies
4. Shell Programming and Scripting
This is my script structure
main script calls configure script which needs to be run as a different user and the configure script calls my application installation script. the application instruction script prompts the user for a directory which I need to pass from my main or configure script.
... (4 Replies)
Discussion started by: cmastays
4 Replies
5. Red Hat
Hi Friends,
I set up the sendmail in my perosnal home lab. I am using mutt to send the email in between the machines. Everything is working fine if i send email like <username>@<hostname>. Now i set up the MX record for my domain "home.com" and then i was trying to send the email to like... (2 Replies)
Discussion started by: Rohit Bhanot
2 Replies
6. Shell Programming and Scripting
Hi Everyone,
1) I really cannot figure out how to pass multiple user inputs in a script. really need your help re this. below is the script.
-----------
#!/bin/sh
# script name: ask.sh
echo "Enter name: \c"
read NAME
echo "Your name is $NAME\n"
echo "Enter age: \c"
read AGE
echo... (5 Replies)
Discussion started by: mcoblefias
5 Replies
7. Shell Programming and Scripting
Is it possible to open an executable file and pass user credentials through the
perl script. If yes Please do share the CPAN module names and the way to access the executable file.
For eg. I want to open the IBM LOTUS Sametime through my perl code
and pass the user credentials like... (1 Reply)
Discussion started by: giridhar276
1 Replies
8. Solaris
Hello All,
I am currently running a Solaris 10 machine as inbound SMTP server i.e. bringing Emails from outside into our company. In /var/spool/mqueue , I have mails that are pending for the past 4-5 days. They are not being delivered and are causing my mount point size to increase.
Error... (0 Replies)
Discussion started by: Junaid Subhani
0 Replies
9. Cybersecurity
Hello,
I have a linux based streaming server and I do not want to make it public. I am looking for a solution to make my streaming content secured with username & password for each individual.
If i had been dealing with a webpage application, it would have been easy for me: To create .htpasswd... (5 Replies)
Discussion started by: baris35
5 Replies
10. Shell Programming and Scripting
Hello,
I am new to awk and I am trying to figure out how to print an output based on user input.
For example:
ubuntu:~/scripts$ steps="step1, step2, step3"
ubuntu:~/scripts$ echo $steps
step1, step2, step3
I am playing around and I got this pattern that I want:
... (3 Replies)
Discussion started by: tattoostreet
3 Replies
LAST,LASTB(1) Linux System Administrator's Manual LAST,LASTB(1)
NAME
last, lastb - show listing of last logged in users
SYNOPSIS
last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...]
DESCRIPTION
Last searches back through the file /var/log/wtmp (or the file designated by the -f flag) and displays a list of all users logged in (and
out) since that file was created. Names of users and tty's can be given, in which case last will show only those entries matching the
arguments. Names of ttys can be abbreviated, thus last 0 is the same as last tty0.
When last catches a SIGINT signal (generated by the interrupt key, usually control-C) or a SIGQUIT signal (generated by the quit key, usu-
ally control-), last will show how far it has searched through the file; in the case of the SIGINT signal last will then terminate.
The pseudo user reboot logs in each time the system is rebooted. Thus last reboot will show a log of all reboots since the log file was
created.
Lastb is the same as last, except that by default it shows a log of the file /var/log/btmp, which contains all the bad login attempts.
OPTIONS
-f file
Tells last to use a specific file instead of /var/log/wtmp.
-num This is a count telling last how many lines to show.
-n num The same.
-t YYYYMMDDHHMMSS
Display the state of logins as of the specified time. This is useful, e.g., to determine easily who was logged in at a particular
time -- specify that time with -t and look for "still logged in".
-R Suppresses the display of the hostname field.
-a Display the hostname in the last column. Useful in combination with the next flag.
-d For non-local logins, Linux stores not only the host name of the remote host but its IP number as well. This option translates the
IP number back into a hostname.
-F Print full login and logout times and dates.
-i This option is like -d in that it displays the IP number of the remote host, but it displays the IP number in numbers-and-dots nota-
tion.
-o Read an old-type wtmp file (written by linux-libc5 applications).
-w Display full user and domain names in the output.
-x Display the system shutdown entries and run level changes.
NOTES
The files wtmp and btmp might not be found. The system only logs information in these files if they are present. This is a local configura-
tion issue. If you want the files to be used, they can be created with a simple touch(1) command (for example, touch /var/log/wtmp).
FILES
/var/log/wtmp
/var/log/btmp
AUTHOR
Miquel van Smoorenburg, miquels@cistron.nl
SEE ALSO
shutdown(8), login(1), init(8)
Jul 31, 2004 LAST,LASTB(1)