
Date:  Sun, 13 May 2007 03:37:07 +0200
From:  "Taco Scargo" <taco (at mark) scargo.nl>
Subject:  [coba-e:09840] Re: Is it pam problem
To:  <coba-e (at mark) bluequartz.org>
Message-Id:  <009f01c794ff$38241a90$14001fac@DELLP4TACO>
References:  <BAY136-W19DEBAFC3892B256C6868EC5380 (at mark) phx.gbl>
X-Mail-Count: 09840

Looks more like someone is probing/trying to hack your server....
----- Original Message ----- 
From: "Tunc Eresen" <eresen (at mark) hotmail.com>
To: <coba-e (at mark) bluequartz.org>
Sent: Saturday, May 12, 2007 9:27 AM
Subject: [coba-e:09835] Is it pam problem


Hello all

When I tail the logs I am getting the following errors. It looks as if PAM_pwdb is 
at fault. Q is: how to fix it?



May 12 08:21:22 ns3 PAM_pwdb[5614]: check pass; user unknown
May 12 08:21:22 ns3 PAM_pwdb[5617]: check pass; user unknown
May 12 08:21:22 ns3 PAM_pwdb[5620]: check pass; user unknown
May 12 08:21:36 ns3 named[2931]: client 83.100.191.127#32768: no more recursive clients: quota reached
May 12 08:21:49 ns3 PAM_pwdb[5673]: authentication failure; (uid=0) -> root for sshd service
May 12 08:22:25 ns3 PAM_pwdb[5789]: authentication failure; (uid=0) -> mysql for sshd service

With Thanks. O. TUNC ERESEN



IT-Security Consultant Mobile: 07785363481 tunc (at mark) eresen.com eresen (at mark) hotmail.com 
eresen (at mark) gmail.com



Disclaimer If you have received this email in error please notify the 
tunc (at mark) eresen.com. This email is confidential and intended solely for the use 
of the individual to whom it is addressed. Any views or opinions presented 
are solely those of the author and do not necessarily represent those of the 
Findmenet. If you are not the intended recipient, be advised that you have 
received this email in error and that any use, dissemination, forwarding, 
printing, or copying of this email is strictly prohibited.



> Date: Fri, 11 May 2007 10:14:42 -0500
> From: lesmith (at mark) ecsis.net
> Subject: [coba-e:09833] Re: cantAddToSiteGroup problems again!
> To: coba-e (at mark) bluequartz.org
>
> On Friday 11 May 2007 09:20, Tunc Eresen wrote:
> > my etc/group file, names omitted UW PICO(tm) 4.10
> > File: /etc/group.old
> >
> > root::0:rootbin::1:root,bin,daemondaemon::2:root,bin,daemonsys::3:root,bin,
> > admadm::4:root,adm,daemontty::5: disk::6:root
> > lp::7:daemon,lpmem::8:kmem::9:
> > wheel::10:admin,name1.nam22,rootmail::12:mailnews::13:newsuucp::14:uucpman:
> > :15: games::20: gopher::30: dip::40:ftp::50:
> > lock::54:nobody::99:users::100: dbus:x:81:
> > floppy:x:19:vcsa:x:69:rpm:x:37:haldaemon:x:68:utmp:x:22:netdump:x:34:nscd:x
> > :28:slocate:x:21:sshd:x:74:mailnull:x:47:smmsp:x:51: pcap:x:77:
> > named:x:25:
> > ntp:x:38:mysql:x:27:apache:x:48:webalizer:x:67:httpd:x:48:admin-users:*:562
> > ; name1,
> > name2site-adm:*:563:names.......clamav:x:46:dovecot:x:97:nagiocmd:x:757:mun
> > in:x:18:
> > Which one of these would be restricting changes..
> > With Thanks. O. TUNC ERESEN IT-Security Consultant
> > Mobile: 07785363481
> > tunc (at mark) eresen.com eresen (at mark) hotmail.com eresen (at mark) gmail.com
> >
> > Disclaimer
> > If you have received this email in error please notify the tunc (at mark) eresen.com.
> > This email is confidential and intended solely for the use of the
> > individual to whom it is addressed. Any views or opinions presented are
> > solely those of the author and do not necessarily represent those of the
> > Findmenet. If you are not the intended recipient, be advised that you have
> > received this email in error and that any use, dissemination, forwarding,
> > printing, or copying of this email is strictly prohibited.
> >
> > > Date: Fri, 11 May 2007 07:59:12 -0500
> > > From: lesmith (at mark) ecsis.net
> > > Subject: [coba-e:09830] Re: cantAddToSiteGroup problems again!
> > > To: coba-e (at mark) bluequartz.org
> > >
> > > On Friday 11 May 2007 07:29, Arthur Sherman wrote:
> > > > Tunc,
> > > >
> > > > there should be relevant entries in messages.
> > > >
> > > > a quick guess: permissions problem...
> > > >
> > > > keep tailing the log while adding a user.
> > > >
> > > > Best,
> > > >
> > > > --
> > > > Arthur
> > > >
> > > > _____
> > > >
> > > > From: Tunc Eresen [mailto:eresen (at mark) hotmail.com]
> > > > Sent: Friday, May 11, 2007 1:12 PM
> > > > To: coba-e (at mark) bluequartz.org
> > > > Subject: [coba-e:09826] cantAddToSiteGroup problems again!
> > > >
> > > > Hello
> > > > the following statement comes up when ever I change user setting or site
> > > > settings on BQ server
> > > >
> > > > cantAddToSiteGroup
> > > > The operation failed. Unable to update the capabilities for site
> > > > administrators.
> > > >
> > > > There is not much info anywhere else!
> > > >
> > > > With Thanks
> > > > TUNC ERESEN
> > >
> > > Hmmm, might be way off base, but seem to recall from long, long ago a
> > > situation where there was a "limit" on the number of entries in
> > > the /etc/group file for both "wheel" (root) and site-adm (site
> > > administrators). You might check the /etc/group file and see what that looks
> > > like.
> > >
> > > --
> > > Larry Smith
> > > SysAd ECSIS.NET
> > > sysad (at mark) ecsis.net
>
> Tunc,
>
> Hard to read, but most likely the line that starts with
> "site-adm:*:563:<names>"
>
> Also your message says "/etc/group.old" vice /etc/group. If the group file
> has gotten "hosed" or is not in correct format (ascii, no carriage-returns)
> then the programs that read it will have problems.
>
> It almost appears that someone has edited your /etc/group file with PICO and
> done a "justify" the way it looks in your message - which will definitely
> "hose" the file and all programs that use it...
>
> Mine looks like this:
> <excerpt of /etc/group>
> root:x:0:root
> bin:x:1:root,bin,daemon
> daemon:x:2:root,bin,daemon
> sys:x:3:root,bin,adm
> adm:x:4:root,adm,daemon
> tty:x:5:
> disk:x:6:root
> lp:x:7:daemon,lp
> mem:x:8:
> kmem:x:9:
> wheel::10:admin,root,mary,larry
> mail:x:12:mail
> news:x:13:news
> uucp:x:14:uucp
> man:x:15:
> games:x:20:
> gopher:x:30:
> dip:x:40:
> </excerpt>
>
> --
> Larry Smith
> SysAd ECSIS.NET
> sysad (at mark) ecsis.net
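
Added example (not part of the original thread): a small Python triage of the PAM_pwdb lines quoted in the message, counting unknown-user checks and failed logins per service and account, and measuring how tightly they cluster in time. The 5-minute window, the threshold of 5 events and the year 2007 for the year-less syslog timestamps are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# The syslog lines quoted in the message, one entry per line.
SAMPLE = """\
May 12 08:21:22 ns3 PAM_pwdb[5614]: check pass; user unknown
May 12 08:21:22 ns3 PAM_pwdb[5617]: check pass; user unknown
May 12 08:21:22 ns3 PAM_pwdb[5620]: check pass; user unknown
May 12 08:21:36 ns3 named[2931]: client 83.100.191.127#32768: no more recursive clients: quota reached
May 12 08:21:49 ns3 PAM_pwdb[5673]: authentication failure; (uid=0) -> root for sshd service
May 12 08:22:25 ns3 PAM_pwdb[5789]: authentication failure; (uid=0) -> mysql for sshd service
"""

PAM_LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ PAM_pwdb\[\d+\]: (.*)$")
AUTH_FAIL = re.compile(r"^authentication failure; \(uid=\d+\) -> (\S+) for (\S+) service$")

def summarize(text, year=2007, window=timedelta(minutes=5), threshold=5):
    """Count PAM_pwdb failures and report the densest burst of them."""
    times, targets, unknown = [], Counter(), 0
    for line in text.splitlines():
        m = PAM_LINE.match(line.strip())
        if not m:
            continue  # not a PAM_pwdb entry (e.g. the named line)
        stamp, msg = m.groups()
        fail = AUTH_FAIL.match(msg)
        if fail:
            targets[(fail.group(2), fail.group(1))] += 1  # (service, account)
        elif msg == "check pass; user unknown":
            unknown += 1
        else:
            continue
        # syslog timestamps carry no year; the caller supplies one (assumption)
        times.append(datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S"))
    times.sort()
    burst = start = 0
    for end, ts in enumerate(times):  # sliding window over sorted timestamps
        while ts - times[start] > window:
            start += 1
        burst = max(burst, end - start + 1)
    return {"unknown_user": unknown, "targets": dict(targets),
            "burst": burst, "suspicious": burst >= threshold}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

On the quoted lines this reports three unknown-user checks plus failed sshd logins for root and mysql, all inside about a minute.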