[Gllug] Non-existent user in /var/log/secure
Peter Corlett
abuse at cabal.org.uk
Wed Jun 24 13:45:25 UTC 2009
On Wed, Jun 24, 2009 at 02:14:06PM +0100, gvimrc wrote:
> Running CentOS 5.2, I'm seeing lots of these:
> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
> about user <someuser>
> ... in /var/log/secure but there is no user account for <someuser> on the
> system. Any ideas?
That looks awfully like you're being ssh scanned by a worm. Apart from the
light bandwidth drain and filling your logs, it's harmless provided you have
strong passwords on all of your accounts.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list