[ale] LogWatch secure-log question/concern
synco gibraldter
synco at xodarap.net
Wed Sep 17 06:49:46 EDT 2003
On 17 Sep 2003 at 6:00, Jim Seymour wrote:
>
> What is happening in the snippet of my LogWatch below? Does the
> secure connection info suggest that someone has been successful in
> connecting to my computer? I do not run a server of any kind (that I
> know of). I found several of these in my LogWatch e-mails for about a
> week at the end of August and into the first week of September. This
> is a RedHat 7.3 system.
>
in a sense, yes... if xinetd is reporting activity, the traffic has successfully made it
past your system packet filters [if you have any]. it does not, however, mean that
they've been granted access. inetd basically "takes" the connections and hands
them off to the daemons specified in inetd's config file. if you're not wanting to run
any servers, you shouldn't even bother running inetd, as that's all it's good for.
might be a good idea to portscan yourself to find out just how many services your
system is, in fact, running. check your init scripts to find out when xinetd is being
started or check the inetd config file to modify the hand-off rules.
> ################## LogWatch 2.6 Begin #####################
>
>
> ---------------- Connections (secure-log) Begin -------------------
>
> **Unmatched Entries**
> xinetd[884]: START: sgi_fam pid=26198 from=<no address>
> xinetd[884]: START: sgi_fam pid=26500 from=<no address>
> xinetd[884]: START: sgi_fam pid=27227 from=<no address>
>
>
> ----------------- Connections (secure-log) End --------------------
>
> TIA,
>
> --
> Jim Seymour
> www.wingbarscafe.com
-- synco gibraldter
-- atlanta, ga
-- synco at xodarap.net
-- key id: 0xC5117E0A
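
The check of the xinetd hand-off rules suggested in the reply, as an added example that is not part of the original post. It assumes the usual /etc/xinetd.d layout, where a service is active unless its file sets `disable = yes`; the three service files below are constructed samples, not the Red Hat 7.3 originals.

```shell
#!/bin/sh
# xinetd_enabled DIR: print "name<TAB>bind<TAB>server" for every service
# in DIR (default /etc/xinetd.d) that is not marked "disable = yes".
# A bind of "*" means no bind attribute was set in the file.
xinetd_enabled() {
    for f in "${1:-/etc/xinetd.d}"/*; do
        [ -f "$f" ] || continue
        awk '
            /^[ \t]*#/ { next }                 # skip comment lines
            { gsub(/=/, " = ") }                # tolerate "key=value"
            $1 == "service" { name = $2; dis = "no"; bind = "*"; srv = "-"; next }
            $1 == "disable" { dis = $3 }
            $1 == "bind"    { bind = $3 }
            $1 == "server"  { srv = $3 }
            $1 == "}" && name != "" {
                if (dis != "yes") printf "%s\t%s\t%s\n", name, bind, srv
                name = ""
            }
        ' "$f"
    done
}

# Constructed sample directory standing in for /etc/xinetd.d.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/sgi_fam" <<'EOF'
service sgi_fam
{
    type   = RPC UNLISTED
    server = /usr/bin/fam
    bind   = 127.0.0.1
}
EOF
    cat > "$d/telnet" <<'EOF'
service telnet
{
    disable = yes
    server  = /usr/sbin/in.telnetd
}
EOF
    printf 'service finger\n{\n    disable = no\n    server = /usr/sbin/in.fingerd\n}\n' > "$d/finger"
    echo "$d"
}

sample=$(make_sample)
xinetd_enabled "$sample"
rm -rf "$sample"
```

Run as `xinetd_enabled /etc/xinetd.d` on the real system; any service listed that is not needed can be switched off by setting `disable = yes` in its file and restarting xinetd.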