[OpenIndiana-discuss] Who is trying to break in ?
Brogyányi József
brogyi at gmail.com
Sun Jun 28 09:01:55 UTC 2015
Hi
Please check your mail as root. Just you have to issue the mail command.
I copied my mails. You can see some lost user in it:
/To: root at hipster.local//
//From: petersonal at hipster.local//
//Subject: *** SECURITY information for hipster ***//
//Content-Length: 138//
//
//hipster : Jun 5 21:22:49 : petersonal : user NOT in sudoers ;
TTY=pts/1 ; PWD=/export/home/petersonal ; USER=root ; COMMAND=/usr/bin/su//
//******************************//
//To: root at hipster.local//
//From: joe at hipster.local//
//Subject: *** SECURITY information for hipster ***//
//Content-Length: 142//
//
//hipster : Feb 21 14:42:04 : joe : user NOT in sudoers ; TTY=pts/1 ;
PWD=/export/home/joe ; USER=root ; COMMAND=/usr/sbin/shutdown -y -i6 -g0//
/The last was strange a little bit because he wanted to switch of the
server. I think you have to change the 21 and 22 communication port.
I use the 443 port for ssh. I can reach the server easily from anywhere
because every company left it open that port.
BR
Brogyi
> 27 июня 2015 г. 9:42:29 CEST, Handojo via openindiana-discuss <openindiana-discuss at openindiana.org> пишет:
>> Dear Friends,
>>
>> I've noticed some text output before shutting down the system.
>> It seems someone ( or bots ) are constantly trying to log in as root.
>>
>> Is there a mechanism to see the successfull and failed login attempts ?
>>
>> Thank you,
>>
>> Handojo
>>
>> _______________________________________________
>> openindiana-discuss mailing list
>> openindiana-discuss at openindiana.org
>> http://openindiana.org/mailman/listinfo/openindiana-discuss
> There is last/lastlog, but generally if you did not tweak the system against its defaults, 'root' is a role that can be assumed by another user via sudo or pfexec, but not an account that can be directly logged into.
>
> Jim
> --
> Typos courtesy of K-9 Mail on my Samsung Android
>
> _______________________________________________
> openindiana-discuss mailing list
> openindiana-discuss at openindiana.org
> http://openindiana.org/mailman/listinfo/openindiana-discuss
More information about the openindiana-discuss
mailing list