[ale] Have I been hacked?
Brian Pitts
brian at polibyte.com
Thu Jan 8 21:25:09 EST 2009
On Thu, 2009-01-08 at 21:11 -0500, Mark Wright wrote:
>
>
> A quick restart fixed the keyboard. My remaining question is does the entry in /var/log/auth.log indicate trouble? It shows some authorization action involving my userid at 7:30 this morning while I was on the road to Norcross. I don't know if this is normal.
>
>
> See the log below.
>
>
> Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ; PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/use_http_proxy
> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session opened for user mark by (uid=0)
> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session closed for user mark
> Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ; PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/host
> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session opened for user mark by (uid=0)
> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session closed for user mark
> Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ; PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/port
> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session opened for user mark by (uid=0)
> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session closed for user mark
This is normal. It's caused by the script /etc/cron.daily/apt:

# set the proxy based on the admin users gconf settings
admin_user=$(getent group admin|cut -d: -f4|cut -d, -f1)
if [ -n "$admin_user" ] && [ -x /usr/bin/sudo ] && [ -z "$http_proxy" ] &&
   [ -x /usr/bin/gconftool ]; then
    # run gconftool as the first member of the admin group to read its proxy settings
    use=$(sudo -u "$admin_user" gconftool \
        --get /system/http_proxy/use_http_proxy)
    host=$(sudo -u "$admin_user" gconftool \
        --get /system/http_proxy/host)
    port=$(sudo -u "$admin_user" gconftool \
        --get /system/http_proxy/port)
    if [ "$use" = "true" ] && [ -n "$host" ] && [ -n "$port" ]; then
        export http_proxy="http://$host:$port/"
    fi
fi
-Brian
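
The triage described in the reply above, as an added example that is not part of the original post or of the apt package: it parses sudo command records from auth.log, sets aside the three gconftool reads that /etc/cron.daily/apt issues, and leaves every other sudo record for review. The function names are hypothetical, and the last two sample lines are constructed.

```python
import re

# One sudo command record as written to /var/log/auth.log; "note" holds an
# optional leading field such as "3 incorrect password attempts".
SUDO_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<host>\S+)\s+sudo:\s+(?P<invoker>\S+)\s+:\s+"
    r"(?:(?P<note>[^;]+?)\s+;\s+)?TTY=(?P<tty>\S+)\s+;\s+PWD=(?P<pwd>.+?)\s+;\s+"
    r"USER=(?P<target>\S+)\s+;\s+COMMAND=(?P<command>.+)$"
)

# The three reads issued by the proxy block of /etc/cron.daily/apt.
CRON_APT_COMMANDS = {
    "/usr/bin/gconftool --get /system/http_proxy/" + key
    for key in ("use_http_proxy", "host", "port")
}

def classify(line):
    """Return None for non-command lines, else (verdict, record)."""
    m = SUDO_RE.match(line.strip())
    if m is None:
        return None  # pam_unix session open/close lines, other services
    rec = m.groupdict()
    benign = (
        rec["invoker"] == "root"        # cron runs the script as root
        and rec["tty"] == "unknown"     # no terminal attached
        and rec["note"] is None         # no failure text in the record
        and rec["command"] in CRON_APT_COMMANDS
    )
    return ("cron-apt-proxy" if benign else "review", rec)

def triage(lines):
    """Split sudo command records into expected cron noise and the rest."""
    report = {"cron-apt-proxy": [], "review": []}
    for result in filter(None, map(classify, lines)):
        report[result[0]].append(result[1])
    return report

# First four lines are from the quoted log; the last two are constructed.
SAMPLE = """\
Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ; PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/use_http_proxy
Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session): session opened for user mark by (uid=0)
Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ; PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/host
Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ; PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/port
Jan 7 08:15:44 Gateway-Ubuntu sudo: mark : TTY=pts/0 ; PWD=/home/mark ; USER=root ; COMMAND=/usr/bin/apt-get update
Jan 7 09:02:41 Gateway-Ubuntu sudo: mark : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/mark ; USER=root ; COMMAND=/usr/bin/apt-get update
"""
```

A record that lands in `review` is only a line this one cron job does not account for; it still has to be matched against what the user was actually doing at that time.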