Solved

What is the "/root/install.log.syslog" in linux?

Posted on 2007-04-04
4
1,347 Views
Last Modified: 2013-12-16
A user recently  brought my attention to the file "/root/install.log.syslog" in one of the linux boxes that I have partial responsibility.  This file contains the creation of numerous users and groups such as rpm, mailnull, apache, webalizer, and ntp to name a few.  My question is this:  Should I be worried about all of these users that seem to have been installed on the system during its initial configuration over a year ago?
0
Comment
Question by:accessint
  • 2
4 Comments
 
LVL 3

Accepted Solution

by:
sheetbird earned 125 total points
ID: 18852218
You shouldn't be too concerned. However check your /etc/passwd and /etc/shadow to make sure that these users can't login.  In /etc/passwd they should have a shell of /bin/false (or some other bogus shell) and /etc/shadow should have an * where the encrypted password should be.
0
 

Author Comment

by:accessint
ID: 18853357
Some of the users have two exclimation points instead of an asterisk.  Do you know what that means?
0
 
LVL 3

Expert Comment

by:sheetbird
ID: 18853427
I had never seen that before however I'm sure that depending on the distribution it could be different.  Really it just needs to be something that will never be resolved by crypt, but * or x or !! are used to make it easily identifiable by humans.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 18854307
install.log.syslog is a standard install log (on Redhat at least).  It will contain a list of all the users and packages that were added to the system as part of the install process.

There's nothing scary or unusual about it.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now