[Gllug] Non-existent user in /var/log/secure

Peter Corlett abuse at cabal.org.uk
Wed Jun 24 13:45:25 UTC 2009


On Wed, Jun 24, 2009 at 02:14:06PM +0100, gvimrc wrote:
> Running CentOS 5.2, I'm seeing lots of these:
> dovecot-auth: pam_succeed_if(dovecot:auth): error retrieving information
> about user <someuser>
> ... in /var/log/secure but there is no user account for <someuser> on the
> system. Any ideas?

That looks awfully like you're being ssh scanned by a worm. Apart from the
light bandwidth drain and filling your logs, it's harmless provided you have
strong passwords on all of your accounts.

-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug




More information about the GLLUG mailing list