
su: + tty?? root-ucm03

 
mhzzang
Occasional Contributor

These messages are shown continuously.
What has occurred?



Aug 31 12:32:56 edbm su: + tty?? root-ucm03
Aug 31 12:33:26 edbm su: + tty?? root-ucm03
Aug 31 12:45:17 edbm su: + tty?? root-ucm03
Aug 31 12:45:47 edbm su: + tty?? root-ucm03
Aug 31 12:46:01 edbm above message repeats 2 times
Aug 31 12:49:27 edbm su: + tty?? root-ucm03
Aug 31 12:49:57 edbm su: + tty?? root-ucm03
Aug 31 12:50:58 edbm su: + tty?? root-ucm03
Aug 31 12:51:01 edbm ftpd[29387]: FTP session closed
Aug 31 12:53:48 edbm su: + tty?? root-ucm03
Aug 31 12:53:48 edbm su: + tty?? root-ucm03
Aug 31 12:54:19 edbm su: + tty?? root-ucm03
Aug 31 12:55:30 edbm su: + tty?? root-ucm03
Aug 31 13:05:32 edbm su: + tty?? root-ucm03
Aug 31 13:06:02 edbm su: + tty?? root-ucm03
6 REPLIES
Michael Tully
Honored Contributor

Re: su: + tty?? root-ucm03

You'll find that these are either at, batch or cron jobs, where the id changes from root to the account ucm03. The reason it is tty?? is that it does not belong to an actual terminal session.
Anyone for a Mutiny ?
T G Manikandan
Honored Contributor

Re: su: + tty?? root-ucm03

These messages might appear on the console or they would also be logged into /var/adm/sulog.

The line says that the su (switch user) command worked successfully (indicated by a plus) from root to user ucm03.

Looks like some job is running which switches appropriately to run the application.

Check for the crontab entries.

Revert
mhzzang
Occasional Contributor

Re: su: + tty?? root-ucm03

Nothing was in the cron jobs.
Other messages (e.g. root-ucm01, 02 ...) were shown in /var/adm/sulog, but there is also no cron job. Sometimes, within one second, the above messages were shown for 10 lines or more...

I think it is a security problem? I'll wait for your answer.
Jdamian
Respected Contributor

Re: su: + tty?? root-ucm03

Check the crontab of ucm03, not the crontab of root.
Michael Tully
Honored Contributor

Re: su: + tty?? root-ucm03

Somebody may have access to root that you don't know about, and they are running some scripts in the background. Change your root password immediately and be careful who you tell. Also look into installing sudo. Look in the sulog for invalid entries.
Anyone for a Mutiny ?
Tyronne Milton
Advisor

Re: su: + tty?? root-ucm03

Look in your start-up scripts (/sbin/rc2.d & /sbin/rc3.d); there could be some script performing "su - ucm03 -c some-command"
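
Added example, not part of any post in this thread: a Python sketch that parses syslog su lines in the format shown in the question, groups them by source and target account, and reports failures, whether every event lacked a terminal (tty??), and the gaps between events, so a repeating job can be told apart from interactive use. The function names are hypothetical, the year is an assumed placeholder because syslog omits it, and the last sample line is constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample lines copied from the question in this thread; the last line is a
# constructed failed attempt ("-") from a real terminal, added for contrast.
SAMPLE = """\
Aug 31 12:32:56 edbm su: + tty?? root-ucm03
Aug 31 12:33:26 edbm su: + tty?? root-ucm03
Aug 31 12:45:17 edbm su: + tty?? root-ucm03
Aug 31 12:45:47 edbm su: + tty?? root-ucm03
Aug 31 12:46:01 edbm above message repeats 2 times
Aug 31 12:51:01 edbm ftpd[29387]: FTP session closed
Aug 31 12:53:48 edbm su: + tty?? root-ucm03
Aug 31 12:54:19 edbm su: + tty?? root-ucm03
Aug 31 12:59:00 edbm su: - ttyp1 guest-root
"""

# Assumes the source account name contains no hyphen (split on the first "-").
SU_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) su: "
    r"(?P<flag>[+-]) (?P<tty>\S+) (?P<src>[^-\s]+)-(?P<dst>\S+)$")

def parse_su(text, year=2000):
    """Yield (time, ok, tty, src, dst) per su line; other lines are skipped."""
    for line in text.splitlines():
        m = SU_LINE.match(line.strip())
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["flag"] == "+", m["tty"], m["src"], m["dst"]

def summarize(text):
    """Group su events by (src, dst); report counts and gaps in seconds."""
    groups = defaultdict(list)
    for ev in parse_su(text):
        groups[(ev[3], ev[4])].append(ev)
    report = {}
    for pair, evs in groups.items():
        times = sorted(e[0] for e in evs)
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report[pair] = {
            "count": len(evs),
            "failed": sum(not e[1] for e in evs),
            "no_terminal": all(e[2] == "tty??" for e in evs),
            "gaps": gaps,
        }
    return report

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

syslog's "above message repeats N times" lines are not expanded, so the counts are a lower bound.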