[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] RAQ3 check pass; user unknown - Again

Subject: [cobalt-users] RAQ3 check pass; user unknown - Again
From: "Render-Vue" <sales@xxxxxxxxxxxxxx>
Date: Wed Nov 7 19:06:07 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

Sorry for a repost but this event has cropped up again...came through from
logcheck

Nov  7 15:42:18 ns PAM_pwdb[3800]: check pass; user unknown
Nov  7 15:42:21 ns PAM_pwdb[4191]: check pass; user unknown
Nov  7 15:42:48 ns PAM_pwdb[3717]: check pass; user unknown
Nov  7 15:42:50 ns PAM_pwdb[4215]: check pass; user unknown
Nov  7 15:43:35 ns PAM_pwdb[3800]: check pass; user unknown
Nov  7 15:43:38 ns PAM_pwdb[4242]: check pass; user unknown
Nov  7 15:44:27 ns PAM_pwdb[3720]: check pass; user unknown
Nov  7 15:44:29 ns PAM_pwdb[4320]: check pass; user unknown
Nov  7 15:44:35 ns PAM_pwdb[3720]: check pass; user unknown
Nov  7 15:44:38 ns PAM_pwdb[4331]: check pass; user unknown
Nov  7 15:44:45 ns PAM_pwdb[3720]: check pass; user unknown
Nov  7 15:44:47 ns PAM_pwdb[4357]: check pass; user unknown
Nov  7 15:44:50 ns PAM_pwdb[3720]: check pass; user unknown
Nov  7 15:44:52 ns PAM_pwdb[4359]: check pass; user unknown
Nov  7 15:45:04 ns PAM_pwdb[3720]: check pass; user unknown
Nov  7 15:45:06 ns PAM_pwdb[4370]: check pass; user unknown
Nov  7 15:45:28 ns PAM_pwdb[3719]: check pass; user unknown
Nov  7 15:45:31 ns PAM_pwdb[4390]: check pass; user unknown
Nov  7 15:45:49 ns PAM_pwdb[3916]: check pass; user unknown
Nov  7 15:45:51 ns PAM_pwdb[4410]: check pass; user unknown
Nov  7 15:46:19 ns PAM_pwdb[3719]: check pass; user unknown
Nov  7 15:46:21 ns PAM_pwdb[4432]: check pass; user unknown
Nov  7 15:46:34 ns PAM_pwdb[3719]: check pass; user unknown
Nov  7 15:46:36 ns PAM_pwdb[3718]: check pass; user unknown
Nov  7 15:46:36 ns PAM_pwdb[4433]: check pass; user unknown
Nov  7 15:46:38 ns PAM_pwdb[4434]: check pass; user unknown
Nov  7 15:46:40 ns PAM_pwdb[3718]: check pass; user unknown
Nov  7 15:46:43 ns PAM_pwdb[4436]: check pass; user unknown

Now I've just gone through all of the log files listed below and I can't see
anything that ties in with the times above - the nearest thing is when I
checked the xferlog these events happened just after one user had logged in
via FTP and was uploading files to the site...only on a few occassions did
the time happen to be a few seconds of one another, some around a minute.
In the maillog one or two of the times coincided with a qpopper event but
that's it.

/var/log/messages - *.info ; mail.none ; authpriv.none
/var/log/secure  - authpriv.*
/var/log/maillog  - mail.*
/var/log/xferlog  - *.*

Anyone have any ideas - someone did mention it might be someone trying to
check their stats and using the wrong password - is there anyway of actually
confirming this is what they are doing ?

Many thanks in advance

Chae

Follow-Ups:
- Re: [cobalt-users] RAQ3 check pass; user unknown - Again
  - From: Sqlcoders.com Programming Dept
- RE: [cobalt-users] RAQ3 check pass; user unknown - Again
  - From: Dan Kriwitsky

Prev by Date: RE: [cobalt-users] Chkrootkit - What next
Next by Date: Re: [cobalt-users] How can one create autorespondres?
Previous by thread: RE: [cobalt-users] RaQ4 and Raid issue
Next by thread: Re: [cobalt-users] RAQ3 check pass; user unknown - Again

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index