Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

postfix log file question

Posted on 2007-04-02
3
Medium Priority
?
274 Views
Last Modified: 2013-12-15
I am running FC4 running postfix when i check the log files i get this:
Apr  2 01:11:02 mail2 su(pam_unix)[19952]: session opened for user dennis by (uid=0)
Apr  2 01:11:02 mail2 su(pam_unix)[19952]: session closed for user dennis
Apr  2 01:11:02 mail2 su(pam_unix)[19955]: session opened for user dennis by (uid=0)
Apr  2 01:11:02 mail2 su(pam_unix)[19955]: session closed for user dennis
Apr  2 01:11:02 mail2 su(pam_unix)[19958]: session opened for user dennis by (uid=0)
Apr  2 01:11:02 mail2 su(pam_unix)[19958]: session closed for user dennis
Apr  2 01:11:02 mail2 su(pam_unix)[19961]: session opened for user dennis by (uid=0)
Apr  2 01:11:02 mail2 su(pam_unix)[19961]: session closed for user dennis
Apr  2 01:11:02 mail2 su(pam_unix)[19964]: session opened for user dennis by (uid=0)
Apr  2 01:11:02 mail2 su(pam_unix)[19964]: session closed for user dennis
Apr  2 01:39:02 mail2 su(pam_unix)[20083]: session opened for user paul by (uid=0)
Apr  2 01:39:02 mail2 su(pam_unix)[20083]: session closed for user paul
Apr  2 01:39:02 mail2 su(pam_unix)[20086]: session opened for user paul by (uid=0)
Apr  2 01:39:02 mail2 su(pam_unix)[20086]: session closed for user paul
Apr  2 01:39:02 mail2 su(pam_unix)[20089]: session opened for user paul by (uid=0)
Apr  2 01:39:02 mail2 su(pam_unix)[20089]: session closed for user paul
Apr  2 01:39:02 mail2 su(pam_unix)[20092]: session opened for user paul by (uid=0)
Apr  2 01:39:02 mail2 su(pam_unix)[20092]: session closed for user paul
Apr  2 01:39:02 mail2 su(pam_unix)[20095]: session opened for user paul by (uid=0)
Apr  2 01:39:02 mail2 su(pam_unix)[20095]: session closed for user paul
Apr  2 03:44:01 mail2 su(pam_unix)[20622]: session opened for user billy by (uid=0)
Apr  2 03:44:01 mail2 su(pam_unix)[20622]: session closed for user billy
Apr  2 03:44:01 mail2 su(pam_unix)[20625]: session opened for user billyt by (uid=0)
Apr  2 03:44:02 mail2 su(pam_unix)[20625]: session closed for user billy
Apr  2 03:44:02 mail2 su(pam_unix)[20628]: session opened for user billy by (uid=0)
Apr  2 03:44:02 mail2 su(pam_unix)[20628]: session closed for user billy
Apr  2 03:44:02 mail2 su(pam_unix)[20631]: session opened for user billy by (uid=0)
Apr  2 03:44:02 mail2 su(pam_unix)[20631]: session closed for user billy
Apr  2 03:44:02 mail2 su(pam_unix)[20634]: session opened for user billy by (uid=0)
Apr  2 03:44:02 mail2 su(pam_unix)[20634]: session closed for user billy
Apr  2 03:44:02 mail2 su(pam_unix)[20637]: session opened for user billy by (uid=0)
Apr  2 03:44:02 mail2 su(pam_unix)[20637]: session closed for user billy

is this just postfix cycling thru the users?  

also i was wondering about creating a new root account named dennis  and then disabling the root account how do i do that?
0
Comment
Question by:knightdogs
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 27

Accepted Solution

by:
Nopius earned 2000 total points
ID: 18841354
> is this just postfix cycling thru the users?  
No. These logs come from 'su' command executed by root to become different users: 'billy', 'paul' and 'dennis'. Why it was executed - I don't know.

> also i was wondering about creating a new root account named dennis  and then disabling the root account how do i do that?
Do you mean you need to change user name 'root' to 'denis'?
I don't recommend but it's the simplest way to do so: edit files '/etc/passwd' and /etc/shadow and change user name 'root' to 'denis'. But most system scripts that rely on username 'root' for superuser will fail.
Another approach is to use selinux, but it's too complex and it works only for FC5 and above.
Third possible way - is also to change /etc/passwd but for user 'denis' change uid and gid fields to 0, he become your second root user. Also not recommended.
0
 

Author Comment

by:knightdogs
ID: 18842895
I am sorry for not being more clear.  i ran rkhunter and it said that root can be logged in to and that was a secrutiy concern.  i thought if i created another account like root, named dennis, and then disabled root that would fix it.  i saw a site 2 weeks ago that got hacked and it showed root uid 0   bla  bla  bla  and i figured that the hacker finally guessed roots password and took over so if i removed roots account i would slow them down, am i wrong?
0
 
LVL 27

Expert Comment

by:Nopius
ID: 18886073
knightdogs, thanks for points.

> figured that the hacker finally guessed roots password and took over so if i removed roots account i would slow them down, am i wrong?
You are wrong. System becomes unmanageble without root account.

Disallowing root to perform _remote_ login be done in /etc/ssh/sshd_config, with option 'PermitRootLogin No'. However really good security measure to prevent password guessing is a strong enouth root password (with, suppose, 10 randomly generated characters, not a dictionary word, with catipal/small letters and with digits).

Disallowing root FTP login is also possible, depends on your system, how to do it.
Disallowing any protocol (ftp, telnet, pop3 without apop/tls) with cleartext password is also a good preventive measure.
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
Check out what's been happening in the Experts Exchange community.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question