[Leaplist] Oddball occurence ....

William A. Mahaffey III wam at hiwaay.net
Sat Aug 23 08:22:02 EDT 2008 


.... I got a message in my morning logwatch mail that said yum had 
updated a bunch of packages on 1 of my machines. Problem is, that 
machine doesn't have internet access (except when I connect my DSL 
modem, which is disconnected by default). Furthermore, I found no 
references to any yum activity in my /var/log/messages file :-). The box 
in question is a S939 Opteron 165 running FC6, 64-bit:

[root at Opty165A:/etc, Sat Aug 23, 07:02 AM] 1027 # uname -a
Linux Opty165A 2.6.18-1.2798.fc6 #1 SMP Mon Oct 16 14:39:22 EDT 2006 
x86_64 x86_64 x86_64 GNU/Linux
[root at Opty165A:/etc, Sat Aug 23, 07:14 AM] 1028 #

I attach the entire logwatch file. The machine in question is on my 
private LAN, yumupdatesd is chkconfig'ed off & none of the other boxen 
are running FC6 (which is also no longer supported by RH, or even 
carried, at least by my ISP who is an official RH mirror), all newer (or 
SGI IRIX). Anyone got a clue for me what's goin' on here :-) ??? TIA ....

-- 

	William A. Mahaffey III

 ----------------------------------------------------------------------

	"The M1 Garand is without doubt the finest implement of war
	 ever devised by man."
                           -- Gen. George S. Patton Jr.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-------------- next part --------------


	.
	.
	.
	.
	.


[root at Opty165A:/etc, Fri Aug 22, 06:32 AM] 1326 # mail                                                                        Mail version 8.1 6/6/93.  Type ? for help.
"/var/spool/mail/root": 1 message 1 new
>N  1 logwatch at OPTY165A.CF  Sat Aug 23 04:07 135/4211  "Logwatch for opty165a (Linux)"
& 
Message 1:
>From root at OPTY165A.CFD.COM  Sat Aug 23 04:07:47 2008
Date: Sat, 23 Aug 2008 04:03:45 -0500
To: root at OPTY165A.CFD.COM
From: logwatch at OPTY165A.CFD.COM
Subject: Logwatch for opty165a (Linux)
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"


 ################### Logwatch 7.3 (03/24/06) #################### 
        Processing Initiated: Sat Aug 23 04:03:44 2008
        Date Range Processed: yesterday
                              ( 2008-Aug-22 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: opty165a
  ################################################################## 
 
 --------------------- Selinux Audit Begin ------------------------ 

 *** Denials ***
    root root (netlink_route_socket): 12 times
    system_u system_u (file): 3 times
 
 ---------------------- Selinux Audit End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 atd:
    Unknown Entries:
       session closed for user wam: 2 Time(s)
       session opened for user wam by (uid=0): 2 Time(s)
 
 
 ---------------------- pam_unix End -------------------------

--------------------- Connections (secure-log) Begin ------------------------ 

 
 Userhelper executed applications:
    wam -> hdc as root:  1 Time(s)
 
 ---------------------- Connections (secure-log) End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Users logging in through sshd:
    wam:
       192.168.0.9 (Q6600.CFD.COM): 370 times
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 ==============================================================================
 wam => root
 ------------------------------------------------------------------------------
 /sbin/mount.cifs //gtw1600/wam /mnt -o \
     credentials=/home/wam/.smbAuth,ro,soft
 /sbin/umount.cifs /mnt
 
 ---------------------- Sudo (secure-log) End -------------------------

--------------------- yum Begin ------------------------ 

 
 Packages Updated:
    vnc.x86_64 4.1.2-9.fc6
    enscript.x86_64 1.6.4-5.fc6
    apr-util.x86_64 1.2.8-1.fc6
    frysk.x86_64 0.0.1.2007.02.07.rh1-1.fc6
    crontabs.noarch 1.10-12.fc6
    apr-util.i386 1.2.8-1.fc6
    ElectricFence.x86_64 2.2.2-22.fc6
    anacron.x86_64 2.3-44.fc6
    bzip2.x86_64 1.0.3-6.fc6
    samba-client.x86_64 3.0.24-7.fc6
    samba-common.x86_64 3.0.24-7.fc6
    at.x86_64 3.1.8-85.fc6
    yum-updatesd.noarch 3.0.6-1.fc6
    firefox.i386 1.5.0.12-4.fc6
    wget.x86_64 1.10.2-8.fc6.1
    yum.noarch 3.0.6-1.fc6
    xinetd.x86_64 2:2.3.14-9.fc6
    samba.x86_64 3.0.24-7.fc6
    cups-libs.x86_64 1:1.2.12-4.fc6
    coreutils.x86_64 5.97-12.5.fc6
    rsync.x86_64 2.6.9-2.fc6
    tar.x86_64 2:1.15.1-25.fc6
    cpuspeed.x86_64 1:1.2.1-1.48.fc6
    a2ps.x86_64 4.13b-57.fc6.3
    firefox.x86_64 1.5.0.12-4.fc6
    ImageMagick.i386 6.2.8.0-4.fc6
    vixie-cron.x86_64 4:4.1-69.fc6
    ImageMagick.x86_64 6.2.8.0-4.fc6
    frysk.i686 0.0.1.2007.02.07.rh1-1.fc6
    cups.x86_64 1:1.2.12-4.fc6
    rsh.x86_64 0.17-38.fc6
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/VolGroup00-LogVol00
                        71G  3.3G   64G   5% /
 /dev/sda1              99M   12M   83M  12% /boot
 /dev/hda1             147G   45G   96G  32% /home
 /dev/sdb1             459G  277G  159G  64% /work
 
 
 ---------------------- Disk Space End -------------------------

###################### Logwatch End #########################

More information about the Leaplist mailing list