root:nobody in logs

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

What do you think abot it?


Sep 13 05:15:01 serv CRON[6665]: (pam_unix) session opened for user root by

Sep 13 05:15:01 serv su[6686]: + ??? root:nobody

Sep 13 05:15:01 serv su[6686]: (pam_unix) session opened for user nobody by

Sep 13 05:15:05 serv CRON[6665]: (pam_unix) session closed for user root


Sep 13 04:41:48 serv kernel: New not syn:IN=eth1 OUT=
MAC=00:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=60.xx.xx.xx
DST= LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=7224 PROTO=TCP SPT=80
DPT=64585 WINDOW=16384 RES=0x00 ACK SYN URGP=0

Sep 13 05:15:05 router syslogd 1.4.1#17: restart.

Re: root:nobody in logs

Quoted text here. Click to load it

We think that you should wait for answer on polish newsgroup first
before posting the same article to an english group. Some of us read
in both languages, if you haven't noticed yet.

Quoted text here. Click to load it

And what are we supposed to think about it?

Quoted text here. Click to load it

<Kosma> Niektórzy lubi± dozziego...
<Kosma> Oczywi¶cie szanujemy ich.
Stanislaw Klekot

Re: root:nobody in logs

n0m3n wrote:
Quoted text here. Click to load it

So CRON restarts your logging daemon at 5:15am.  Try looking at
/etc/crontab or, if your system uses it;

In short, cron runs as root (it has to), but it will drop privileges
unless it needs to run higher.  In your case, it appears to be doing the
grunt work as "nobody" then going back to root and restarting syslogd.

It looks very harmless to me.



Site Timeline