I did updates from your repository yesterday: psa-proftp, mysql, and today i get this message from my rkhunter scan
Warning: Users have been added to the passwd file:
snortd62:62:Snort Daemon:/var/lib/snort:/sbin/nologin
Warning: Groups have been added to the group file:
snortd62:
What is that? Is this something bad? I didn't put this there, so could it be some kind of snoop?
snort???
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: snort???
Snort (www.snort.org) is a network based intrusion detection system. You might wanna check your yum logs to see how you got that installed
Re: snort???
got it from art. guess i did not check what was being installed.
May 11 09:41:11 Installed: mysql-libs-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Updated: mysql-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Installed: 14:libpcap-0.9.4-14.el5.x86_64
May 11 09:41:13 Installed: libprelude-0.9.21.2-1.el5.art.x86_64
May 11 09:41:14 Installed: snort-2.8.1-5.el5.art.x86_64
May 11 09:41:16 Updated: mysql-server-5.0.79-1.el5.art.x86_64
So, i assume if from you that all is well. Correct. Therefore i should go ahead and configure? Is this something you recommend?
May 11 09:41:11 Installed: mysql-libs-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Updated: mysql-5.0.79-1.el5.art.x86_64
May 11 09:41:12 Installed: 14:libpcap-0.9.4-14.el5.x86_64
May 11 09:41:13 Installed: libprelude-0.9.21.2-1.el5.art.x86_64
May 11 09:41:14 Installed: snort-2.8.1-5.el5.art.x86_64
May 11 09:41:16 Updated: mysql-server-5.0.79-1.el5.art.x86_64
So, i assume if from you that all is well. Correct. Therefore i should go ahead and configure? Is this something you recommend?
-
- Atomicorp Staff - Site Admin
- Posts: 8355
- Joined: Wed Dec 31, 1969 8:00 pm
- Location: earth
- Contact:
Re: snort???
That would indicate to me that something else you had on the system has installed it as a dependency. Prelude perhaps, etc. Anyway, I cant really say yes or no here, this is one of those "it depends" things.