Re: logcheck
On Thu, 21 Sep 2000, debian-isp@ghost.net.cfw.com wrote:
> Hey Russel and Group,
> Thanks for the continuing discussion.
>
> > Nobody suing to root is not non-threatening! Ideally you would have a
> > group wheel or root required for su to root to prevent this. Currently I
> > haven't as I haven't got the PAM setup for it going yet.
>
> PAM is acronym for 'password authentication mode' ?
> I know that BSD uses a wheel group that needs to be enacted before a su
> can happen. What means are you considering doing this?
PAM has support for it using pam_wheel.so
>
> Also, would something be running from cron that does this every morning at
> 6:23 AM?
As user nobody su'ing to root, it sounds like cron bulding the slocate
database.
> Anyone know how I can investigate furthur?
Look in /etc/crontab, /etc/cron.daily, /etc/cron.d
--
---------------------------------------------------------------------------
Gerard MacNeil, P. Eng macneil@supercity.ns.ca
System Administrator
Supercity Internet Services http://www.supercity.ns.ca
Reply to: