FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 07-10-2008, 06:35 PM
"Shaun Meyer"
 
Default What does this mean

On Thu, July 10, 2008 1:18 pm, Allen, Jack wrote:
> Shaun:
> I don't know because I do not know where that would be
> specified.
>
> Is it an up2date / yum option in a configuration file?
>
> Thanks:
> Jack Allen

It's a Yum repository that must be installed manually. It would have a
file in /etc/yum.repos.d but I see from Nestors response that these arn't
necessarily related.

Cheers,

Shaun

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-10-2008, 06:39 PM
"Allen, Jack"
 
Default What does this mean

Nestor:
Did you get the information on how to ignore the entries in logwatch?

If so, can you provide it.

Another thing about logwatch is in RH AS 4.X it would log most all services started by xinetd, but in RH EL 5.X it does not. So I assume there is some configuration parameter somewhere that may control this. I would like to have that information again because it helps to see if there has been some kind of port scan done on the system.

Thanks:
Jack Allen

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:19 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

I opened a ticket (case# 1832642) because of this problem and this
is the response I got from rhel:
-------------
I tried to reproduce this problem here on test machines.

There is nothing wrong with the yum, but there is problem with the log filtering by logwatch.

You can ignore these messages in the logwatch report, also there is way with which we can ignore these messages in the logwatch report.

Please let us know if you want to ignore these log entries from the logwatch report.

Thanks & Regards,
Rajmani
------------

Néstor :-)

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com]On Behalf Of Shaun Meyer
Sent: Thursday, July 10, 2008 11:13 AM
To: General Red Hat Linux discussion list
Subject: Re: What does this mean


Hi,

On Thu, July 10, 2008 12:57 pm, Allen, Jack wrote:
> Hello:
> I get the following every day from Logwatch. I am running RedHat
> EL 5.2.
>
> Does this indicate there is a problem?
> Or is it just general information?
>

> --------------------- up2date Begin ------------------------
>
> **Unmatched Entries**
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
>
> ---------------------- up2date End -------------------------
>
> ---
> Thanks:
> Jack Allen


I 've been getting this same message, are you using/have enabled RPMforge?

Cheers,
Shaun

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-10-2008, 06:45 PM
"Florez, Nestor"
 
Default What does this mean

No, I never got the information on how to ignore it, I just chose to ignore it. Sorry :-(

Nestor :-)

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com]On Behalf Of Allen, Jack
Sent: Thursday, July 10, 2008 11:40 AM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean


Nestor:
Did you get the information on how to ignore the entries in logwatch?

If so, can you provide it.

Another thing about logwatch is in RH AS 4.X it would log most all services started by xinetd, but in RH EL 5.X it does not. So I assume there is some configuration parameter somewhere that may control this. I would like to have that information again because it helps to see if there has been some kind of port scan done on the system.

Thanks:
Jack Allen

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:19 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

I opened a ticket (case# 1832642) because of this problem and this
is the response I got from rhel:
-------------
I tried to reproduce this problem here on test machines.

There is nothing wrong with the yum, but there is problem with the log filtering by logwatch.

You can ignore these messages in the logwatch report, also there is way with which we can ignore these messages in the logwatch report.

Please let us know if you want to ignore these log entries from the logwatch report.

Thanks & Regards,
Rajmani
------------

Néstor :-)

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com]On Behalf Of Shaun Meyer
Sent: Thursday, July 10, 2008 11:13 AM
To: General Red Hat Linux discussion list
Subject: Re: What does this mean


Hi,

On Thu, July 10, 2008 12:57 pm, Allen, Jack wrote:
> Hello:
> I get the following every day from Logwatch. I am running RedHat
> EL 5.2.
>
> Does this indicate there is a problem?
> Or is it just general information?
>

> --------------------- up2date Begin ------------------------
>
> **Unmatched Entries**
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
>
> ---------------------- up2date End -------------------------
>
> ---
> Thanks:
> Jack Allen


I 've been getting this same message, are you using/have enabled RPMforge?

Cheers,
Shaun

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-11-2008, 05:45 PM
"Allen, Jack"
 
Default What does this mean

All:
After some research I was able to determine what the problem was and how to correct it. In /var/log/up2date the following entries are written each time up2date connects to RHN to check for updates:

[Fri Jul 11 11:58:34 2008] up2date updateLoginInfo() login info
[Fri Jul 11 11:58:34 2008] up2date logging into up2date server
[Fri Jul 11 11:58:35 2008] up2date successfully retrieved authentication token from up2date server

In /usr/share/logwatch/scripts/services/up2date the following perl code checks for some entries to ignore:

if ( ( $ThisLine =~ /^updating login info$/ ) or
( $ThisLine =~ /^Opening rpmdb in /var/lib/rpm/ with option .$/ ) or
( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or
AND MORE COMPARES

As you can see the first compare is looking for a line indicating the login information has been updated. Evidently the message has been changed and so it does not match. So I copied the file to /etc/logwatch/scripts/services/up2date and added another compare as follows:

if ( ( $ThisLine =~ /^updating login info$/ ) or
( $ThisLine =~ /^updateLoginInfo() login info/ ) or
( $ThisLine =~ /^Opening rpmdb in /var/lib/rpm/ with option .$/ ) or
( $ThisLine =~ /^successfully retrieved authentication token from up2date server$/ ) or

By copying the up2date file to the new location and adding my change there, it will be used when logwatch runs, because that is the way it is designed to function. Also if there is a update to logwatch it will not clobber my change. And after an update I can just rename the file and see if the update fixed this problem along with what ever else it fixed.

Thanks:
Jack Allen

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:46 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

No, I never got the information on how to ignore it, I just chose to ignore it. Sorry :-(

Nestor :-)

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com]On Behalf Of Allen, Jack
Sent: Thursday, July 10, 2008 11:40 AM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean


Nestor:
Did you get the information on how to ignore the entries in logwatch?

If so, can you provide it.

Another thing about logwatch is in RH AS 4.X it would log most all services started by xinetd, but in RH EL 5.X it does not. So I assume there is some configuration parameter somewhere that may control this. I would like to have that information again because it helps to see if there has been some kind of port scan done on the system.

Thanks:
Jack Allen

-----Original Message-----
From: redhat-list-bounces@redhat.com [mailto:redhat-list-bounces@redhat.com] On Behalf Of Florez, Nestor
Sent: Thursday, July 10, 2008 2:19 PM
To: General Red Hat Linux discussion list
Subject: RE: What does this mean

I opened a ticket (case# 1832642) because of this problem and this
is the response I got from rhel:
-------------
I tried to reproduce this problem here on test machines.

There is nothing wrong with the yum, but there is problem with the log filtering by logwatch.

You can ignore these messages in the logwatch report, also there is way with which we can ignore these messages in the logwatch report.

Please let us know if you want to ignore these log entries from the logwatch report.

Thanks & Regards,
Rajmani
------------

Néstor :-)

-----Original Message-----
From: redhat-list-bounces@redhat.com
[mailto:redhat-list-bounces@redhat.com]On Behalf Of Shaun Meyer
Sent: Thursday, July 10, 2008 11:13 AM
To: General Red Hat Linux discussion list
Subject: Re: What does this mean


Hi,

On Thu, July 10, 2008 12:57 pm, Allen, Jack wrote:
> Hello:
> I get the following every day from Logwatch. I am running RedHat
> EL 5.2.
>
> Does this indicate there is a problem?
> Or is it just general information?
>

> --------------------- up2date Begin ------------------------
>
> **Unmatched Entries**
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
>
> ---------------------- up2date End -------------------------
>
> ---
> Thanks:
> Jack Allen


I 've been getting this same message, are you using/have enabled RPMforge?

Cheers,
Shaun

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-12-2008, 05:16 AM
lonetwin
 
Default What does this mean

Thanks Allen.

Your info really helped :-)

On Fri, Jul 11, 2008 at 11:15 PM, Allen, Jack <Jack.Allen@mckesson.com>
wrote:

> All:
> After some research I was able to determine what the problem was and
> how to correct it. In /var/log/up2date the following entries are written
> each time up2date connects to RHN to check for updates:
>
> [Fri Jul 11 11:58:34 2008] up2date updateLoginInfo() login info
> [Fri Jul 11 11:58:34 2008] up2date logging into up2date server
> [Fri Jul 11 11:58:35 2008] up2date successfully retrieved authentication
> token from up2date server
>
> In /usr/share/logwatch/scripts/services/up2date the following perl
> code checks for some entries to ignore:
>
> if ( ( $ThisLine =~ /^updating login info$/ ) or
> ( $ThisLine =~ /^Opening rpmdb in /var/lib/rpm/ with option .$/ )
> or
> ( $ThisLine =~ /^successfully retrieved authentication token from
> up2date server$/ ) or
> AND MORE COMPARES
>
> As you can see the first compare is looking for a line indicating
> the login information has been updated. Evidently the message has been
> changed and so it does not match. So I copied the file to
> /etc/logwatch/scripts/services/up2date and added another compare as follows:
>
> if ( ( $ThisLine =~ /^updating login info$/ ) or
> ( $ThisLine =~ /^updateLoginInfo() login info/ ) or
> ( $ThisLine =~ /^Opening rpmdb in /var/lib/rpm/ with option .$/ )
> or
> ( $ThisLine =~ /^successfully retrieved authentication token from
> up2date server$/ ) or
>
> By copying the up2date file to the new location and adding my change
> there, it will be used when logwatch runs, because that is the way it is
> designed to function. Also if there is a update to logwatch it will not
> clobber my change. And after an update I can just rename the file and see if
> the update fixed this problem along with what ever else it fixed.
>
> Thanks:
> Jack Allen
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com [mailto:
> redhat-list-bounces@redhat.com] On Behalf Of Florez, Nestor
> Sent: Thursday, July 10, 2008 2:46 PM
> To: General Red Hat Linux discussion list
> Subject: RE: What does this mean
>
> No, I never got the information on how to ignore it, I just chose to ignore
> it. Sorry :-(
>
> Nestor :-)
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com
> [mailto:redhat-list-bounces@redhat.com]On Behalf Of Allen, Jack
> Sent: Thursday, July 10, 2008 11:40 AM
> To: General Red Hat Linux discussion list
> Subject: RE: What does this mean
>
>
> Nestor:
> Did you get the information on how to ignore the entries in
> logwatch?
>
> If so, can you provide it.
>
> Another thing about logwatch is in RH AS 4.X it would log most all
> services started by xinetd, but in RH EL 5.X it does not. So I assume there
> is some configuration parameter somewhere that may control this. I would
> like to have that information again because it helps to see if there has
> been some kind of port scan done on the system.
>
> Thanks:
> Jack Allen
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com [mailto:
> redhat-list-bounces@redhat.com] On Behalf Of Florez, Nestor
> Sent: Thursday, July 10, 2008 2:19 PM
> To: General Red Hat Linux discussion list
> Subject: RE: What does this mean
>
> I opened a ticket (case# 1832642) because of this problem and this
> is the response I got from rhel:
> -------------
> I tried to reproduce this problem here on test machines.
>
> There is nothing wrong with the yum, but there is problem with the log
> filtering by logwatch.
>
> You can ignore these messages in the logwatch report, also there is way
> with which we can ignore these messages in the logwatch report.
>
> Please let us know if you want to ignore these log entries from the
> logwatch report.
>
> Thanks & Regards,
> Rajmani
> ------------
>
> Néstor :-)
>
> -----Original Message-----
> From: redhat-list-bounces@redhat.com
> [mailto:redhat-list-bounces@redhat.com]On Behalf Of Shaun Meyer
> Sent: Thursday, July 10, 2008 11:13 AM
> To: General Red Hat Linux discussion list
> Subject: Re: What does this mean
>
>
> Hi,
>
> On Thu, July 10, 2008 12:57 pm, Allen, Jack wrote:
> > Hello:
> > I get the following every day from Logwatch. I am running RedHat
> > EL 5.2.
> >
> > Does this indicate there is a problem?
> > Or is it just general information?
> >
>
> > --------------------- up2date Begin ------------------------
> >
> > **Unmatched Entries**
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> > updateLoginInfo() login info
> >
> > ---------------------- up2date End -------------------------
> >
> > ---
> > Thanks:
> > Jack Allen
>
>
> I 've been getting this same message, are you using/have enabled RPMforge?
>
> Cheers,
> Shaun
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 07-14-2008, 04:25 PM
Pat Riehecky
 
Default What does this mean

On Thu, 2008-07-10 at 12:57 -0500, Allen, Jack wrote:
> Hello:
> I get the following every day from Logwatch. I am running RedHat
> EL 5.2.
>
> Does this indicate there is a problem?
> Or is it just general information?
>
> --------------------- up2date Begin ------------------------
>
> **Unmatched Entries**
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
> updateLoginInfo() login info
>
> ---------------------- up2date End -------------------------

I submitted a patch up to the logwatch team a few months back to have it
ignore these lines, haven't seen it in their CVS yet though.... perhaps
it is my poor coding...

If you run the attached patch against your logwatch directory
(cd /usr/share ; patch -p< ~/logwatch_up2date.diff) you shouldn't see
the messages any more.... this will however void your logwatch support
with RedHat.

Pat
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 04-05-2012, 03:06 AM
Roger
 
Default What does this mean

I was browsing a site in Firefox and a page black site with a green logo
opened that said "Hacked by Nobody".


I read about the Nobody group in the Daniel Domsschiet-Berg book "Inside
Wikileaks" but do not know the relevance for me seeing that web page.

Can someone please explain this, is it something to be concerned about?
If so what steps should I take?

There is nothing on my pc of any interest to any one and I can find no
key loggers of note. I do not know what else to look for.
I am working in a voluntary capacity on a remote server setting up a
number of drupal sites, would these be in danger please?



Thanks in advance
Roger
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 04-05-2012, 08:31 AM
Reindl Harald
 
Default What does this mean

Am 05.04.2012 05:06, schrieb Roger:
> I was browsing a site in Firefox and a page black site with a green logo opened that said "Hacked by Nobody".

so what, one more hacked webserver :-)

> Can someone please explain this, is it something to be concerned about?

if it is not your website/server no

> If so what steps should I take?

not a single one

don't get me wrong but you can not get panic each time
some child writes "hacked" somewehre

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 
Old 04-05-2012, 08:58 AM
Roger
 
Default What does this mean

If so what steps should I take?

not a single one

don't get me wrong but you can not get panic each time
some child writes "hacked" somewehre

Thank you, I'm not panicking, I did not know whether it was an issue
or not.

Roger

--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
 

Thread Tools




All times are GMT. The time now is 03:44 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org