What is the "/root/install.log.syslog" in linux?

A user recently  brought my attention to the file "/root/install.log.syslog" in one of the linux boxes that I have partial responsibility.  This file contains the creation of numerous users and groups such as rpm, mailnull, apache, webalizer, and ntp to name a few.  My question is this:  Should I be worried about all of these users that seem to have been installed on the system during its initial configuration over a year ago?
accessintAsked:
Who is Participating?
 
sheetbirdCommented:
You shouldn't be too concerned. However check your /etc/passwd and /etc/shadow to make sure that these users can't login.  In /etc/passwd they should have a shell of /bin/false (or some other bogus shell) and /etc/shadow should have an * where the encrypted password should be.
0
 
accessintAuthor Commented:
Some of the users have two exclimation points instead of an asterisk.  Do you know what that means?
0
 
sheetbirdCommented:
I had never seen that before however I'm sure that depending on the distribution it could be different.  Really it just needs to be something that will never be resolved by crypt, but * or x or !! are used to make it easily identifiable by humans.
0
 
TintinCommented:
install.log.syslog is a standard install log (on Redhat at least).  It will contain a list of all the users and packages that were added to the system as part of the install process.

There's nothing scary or unusual about it.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.