1

Today I found the following in the daily logwatch of my debian server:

--------------------- Connections (secure-log) Begin ------------------------ 


**Unmatched Entries**
sg: user 'root' (login '???' on ???) returned to group 'root': 1 Time(s)
sg: user 'root' (login '???' on ???) switched to group 'list': 1 Time(s)

---------------------- Connections (secure-log) End -------------------------

Can anyone explain to me what happend there? Should I somehow react on that?

SSH root login is disabled and only public key login is allowed. I did not login yesterday.

Thank you in advance for any explanations.

ma0ho
  • 199
  • 1
  • 4
  • My guess would be that some part of the NSS, for example, was briefly unavailable and hence the returned data was invalid. Looking forward to an authoritative answer. Good question. – 0xC0000022L Apr 08 '15 at 08:30
  • Any chance you updated your Mailman install? A security patch was just released for it if you are still on Wheezy, that might cause the log entry you're seeing. –  Apr 08 '15 at 16:43
  • I have seen the same here. And yes, Mailman has been upgraded the same day: Upgraded: mailman 1:2.1.14-3ubuntu0.1 => 1:2.1.14-3ubuntu0.2 –  Apr 10 '15 at 14:28
  • Ok, I just took a closer look on that and found that my mailman also has been upgraded. – ma0ho Apr 13 '15 at 11:24

1 Answers1

0

As I am not the only one encountering these entries, it seems to be the mailman upgrade that is responsiable for that.

Thanks for sharing your experiences.

ma0ho
  • 199
  • 1
  • 4