[Wylug-help] avahi-autoipd
Roger
roger at roger-beaumont.co.uk
Wed May 6 21:25:19 UTC 2009
John Hodrien wrote:
> On Wed, 6 May 2009, Roger wrote:
>
>> Logwatch told me today that on my server:
>>
>> --------------------- Connections (secure-log) Begin ------------------
>>
>> New Users:
>> avahi-autoipd (100)
>>
>> New Groups:
>> avahi-autoipd (101)
>>
>>
>> Userhelper executed applications:
>> root -> system-config-services as root: 2 Time(s)
>> root -> pup as root: 1 Time(s)
>>
>> Changed users default login shell:
>> User gdm change shell from /sbin/nologin to /sbin/nologin: 1 Time(s)
>>
>> ---------------------- Connections (secure-log) End -------------------
>>
>>
>> I didn't initiate this. Have I been hacked?
>
> You've not upgraded any packages?
Hi John (and Imran),
Yes, now you ask... Not deliberately, but I needed to re-boot the
server (CentOS) for the first time in months and the 'updates waiting'
window came up, so without engaging my brain, I just clicked 'Install'.
Given the above thoughtless behaviour, I've no idea what packages were
affected, though there's presumably a log somewhere?
My problem is that I just do what I do (mostly write and serve websites)
and know enough to do that. There's lots of Linux that's totally opaque
to me!
Does this mean I may be safe?
Roger
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
More information about the Wylug-help
mailing list