Kinda normal ?

Peige · 14 May 2007 08:47

Looking at the system logs for my fedora box and…


May 14 05:01:01 server crond(pam_unix)[9387]: session opened for user root by (uid=0)
May 14 05:01:01 server crond(pam_unix)[9387]: session closed for user root
May 14 06:01:01 server crond(pam_unix)[9397]: session opened for user root by (uid=0)
May 14 06:01:01 server crond(pam_unix)[9397]: session closed for user root
May 14 07:01:01 server crond(pam_unix)[9407]: session opened for user root by (uid=0)
May 14 07:01:01 server crond(pam_unix)[9407]: session closed for user root
May 14 07:21:01 server gdm(pam_unix)[9417]: bad username []
May 14 07:21:02 server gdm-binary[9417]: Couldn't authenticate user
May 14 07:21:07 server gdm(pam_unix)[9417]: bad username []
May 14 07:21:08 server gdm-binary[9417]: Couldn't authenticate user
May 14 07:21:12 server gdm(pam_unix)[9417]: bad username [%systemroot%\system32\cmd.exe]

So somebody or a script of some kind is trying to log onto it (it happens alot actually if i look back)
Doesn’t look like they are getting on and there is little i can do to shield the machine as i use vnc to get into it too, should i worry ?

DoubleTop · 14 May 2007 09:04

look up the little util called ‘denyhosts’, it watches the syslog for failed attempts and operates on a three strikes and your out. That is, the IP address finds itself in hosts.deny

Normal behaviour - you really don’t want to see some of the server logs on the big boxes I look after.

DT.

Peige · 14 May 2007 09:15

Will look that up DT, thanks

Peige · 24 May 2007 09:48

Been trying to get this working today,

Downloaded the rpm for denyhosts and went to install it and it tells me i need python, download python and do ./configure, make, make install… all seems to go well.
Go to install denyhosts and now it tells me it needs Python(abi) ?

What prey tell am i missing

DoubleTop · 24 May 2007 10:44

I think you may need python-devel, at least then you should get all the python kit.

DT.