[3104] in Release_7.7_team
Re: Athena 9.0.24 for Linux tonight
daemon@ATHENA.MIT.EDU (Thomas E Cavin)
Fri Jan 25 12:22:05 2002
From: Thomas E Cavin <cavin@MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15441.37945.9117.460640@lap1-wccf.mit.edu>
Date: Fri, 25 Jan 2002 12:22:01 -0500
To: Garry Zacheiss <zacheiss@mit.edu>
Cc: Thomas E Cavin <cavin@mit.edu>,
Athena Software Release Team <release-team@mit.edu>
In-Reply-To: <200201251644.LAA20235@riff-raff.mit.edu>
Hi Garry,
The two systems that reported the root logins are Five-Percent-Nation and
Maddalena. My current suspicion is that the root logins were from someone
with legitimate root access--probably Stefan Stasik <stasik@mite.edu>--as
part of a log-checking script. I'll check with him when he gets in today.
Thanks,
--Tom
Garry Zacheiss writes:
> >> I've gotten two reports this morning of root logins from Nerd-Xing to
> >> some of my Athena Linux systems within a few minutes of their taking
> >> the update to 9.0.25.
>
> I assume you mean 9.0.24 here.
>
> >> First question: was this update forced? (I think someone was on one
> >> of the systems when it updated.)
>
> No, there was nothing special about this patch release; machines
> would have taken it or not as they always have.
>
> >> Second question: were the subsequent root logins from Nerd-Xing (at
> >> least 8 between 4:13 and 4:;37 on one host) part of the update
> >> process?
>
> No; nerd-xing is one of the Athena dialup servers. It's never going
> to be part of the update process. If you tell me the names of the
> machines that were logged into, I can probably tell you what accounts
> opened the connections to them from nerd-xing, but you should probably
> also ask around and see if anyone who has root access to those machines
> used it last night will logged into nerd-xing.
>
> Garry
>
--
Tom Cavin Phone: (617) 258 - 7806
WCCF Computer Operations Manager Email: tec@ai.mit.edu