[ale] LogWatch secure-log question/concern
- Subject: [ale] LogWatch secure-log question/concern
- From: synco at xodarap.net (synco gibraldter)
- Date: Wed Sep 17 06:49:46 2003
- In-reply-to: <[email protected]>
On 17 Sep 2003 at 6:00, Jim Seymour wrote:
>
> What is happening in the snippet of my LogWatch below? Does the
> secure connection info suggest that someone has been successful in
> connecting to my computer? I do not run a server of any kind (that I
> know of). I found several of these in my LogWatch e-mails for about a
> week at the end of August and into the first week of September. This
> is a RedHat 7.3 system.
>
in a sense, yes... if xinetd is reporting activity, the traffic has
successfully made it past your system packet filters [if you have any]. it
does not, however, mean that they've been granted access. inetd basically
"takes" the connections and hands them off to the daemons specified in
inetd's config file. if you're not wanting to run any servers, you shouldn't
even bother running inetd, as that's all it's good for. might be a good idea
to portscan yourself to find out just how many services your system is, in
fact, running. check your init scripts to find out when xinetd is being
started or check the inetd config file to modify the hand-off rules.

> ################## LogWatch 2.6 Begin #####################
>
>
> ---------------- Connections (secure-log) Begin -------------------
>
> **Unmatched Entries**
> xinetd[884]: START: sgi_fam pid=26198 from=<no address>
> xinetd[884]: START: sgi_fam pid=26500 from=<no address>
> xinetd[884]: START: sgi_fam pid=27227 from=<no address>
>
>
> ----------------- Connections (secure-log) End --------------------
>
> TIA,
>
> --
> Jim Seymour
> www.wingbarscafe.com
-- synco gibraldter
-- atlanta, ga
-- synco at xodarap.net
-- key id: 0xC5117E0A
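
Added example, not part of the original message or of LogWatch: a small Python parser for the xinetd `START:` records quoted above, which groups them by service and separates entries with no recorded peer address or a loopback peer from entries that name a remote address. The function names are hypothetical, and the two `telnet` lines in the sample are constructed for illustration; only the three `sgi_fam` lines come from the thread.

```python
import ipaddress
import re
from collections import defaultdict

# xinetd START record as shown in the LogWatch excerpt. search() is used so an
# optional syslog timestamp/host prefix in front of "xinetd[" is ignored.
START_RE = re.compile(r"xinetd\[(?P<xpid>\d+)\]: START: (?P<service>\S+) "
                      r"pid=(?P<pid>\d+) from=(?P<src>.+?)\s*$")

def classify_source(src):
    """Return 'none', 'loopback' or 'remote' for a from= value."""
    if src == "<no address>":
        return "none"              # xinetd recorded no peer address
    try:
        ip = ipaddress.ip_address(src)
    except ValueError:
        return "remote"            # unparseable value: keep it for review
    return "loopback" if ip.is_loopback else "remote"

def summarize(lines):
    """Map service -> {'none': n, 'loopback': n, 'remote': set of addresses}."""
    summary = defaultdict(lambda: {"none": 0, "loopback": 0, "remote": set()})
    for line in lines:
        m = START_RE.search(line)
        if not m:
            continue               # not an xinetd START record
        kind = classify_source(m["src"])
        entry = summary[m["service"]]
        if kind == "remote":
            entry["remote"].add(m["src"])
        else:
            entry[kind] += 1
    return dict(summary)

def services_with_remote_peers(summary):
    """Services that xinetd started for at least one non-loopback peer."""
    return sorted(svc for svc, e in summary.items() if e["remote"])

SAMPLE = [
    "xinetd[884]: START: sgi_fam pid=26198 from=<no address>",   # from the thread
    "xinetd[884]: START: sgi_fam pid=26500 from=<no address>",   # from the thread
    "xinetd[884]: START: sgi_fam pid=27227 from=<no address>",   # from the thread
    "Sep  2 04:11:09 host1 xinetd[884]: START: telnet pid=27301 from=192.0.2.44",  # constructed
    "Sep  2 04:12:40 host1 xinetd[884]: START: telnet pid=27310 from=127.0.0.1",   # constructed
]

if __name__ == "__main__":
    result = summarize(SAMPLE)
    for svc in sorted(result):
        print(svc, result[svc])
    print("review:", services_with_remote_peers(result))
```

Services that show up in the review list are the ones to compare against the xinetd configuration and the packet filter rules mentioned in the reply.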