[3107] in Release_7.7_team
Re: Athena 9.0.24 for Linux tonight
daemon@ATHENA.MIT.EDU (Thomas E Cavin)
Fri Jan 25 13:40:28 2002
From: Thomas E Cavin <cavin@MIT.EDU>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <15441.42643.201097.312939@lap1-wccf.mit.edu>
Date: Fri, 25 Jan 2002 13:40:19 -0500
To: Garry Zacheiss <zacheiss@mit.edu>
Cc: Thomas E Cavin <cavin@mit.edu>,
Athena Software Release Team <release-team@mit.edu>
In-Reply-To: <15441.37945.9117.460640@lap1-wccf.mit.edu>
Hi Garry,
Just to let you know, my suspicions have been confirmed. One of my
sys-admins had insomnia.
Thanks,
--Tom
Thomas E Cavin writes:
>
> Hi Garry,
>
> The two systems that reported the root logins are Five-Percent-Nation and
> Maddalena. My current suspicion is that the root logins were from someone
> with legitimate root access--probably Stefan Stasik <stasik@mite.edu>--as
> part of a log-checking script. I'll check with him when he gets in today.
>
> Thanks,
>
> --Tom
>
> Garry Zacheiss writes:
> > >> I've gotten two reports this morning of root logins from Nerd-Xing to
> > >> some of my Athena Linux systems within a few minutes of their taking
> > >> the update to 9.0.25.
> >
> > I assume you mean 9.0.24 here.
> >
> > >> First question: was this update forced? (I think someone was on one
> > >> of the systems when it updated.)
> >
> > No, there was nothing special about this patch release; machines
> > would have taken it or not as they always have.
> >
> > >> Second question: were the subsequent root logins from Nerd-Xing (at
> > >> least 8 between 4:13 and 4:;37 on one host) part of the update
> > >> process?
> >
> > No; nerd-xing is one of the Athena dialup servers. It's never going
> > to be part of the update process. If you tell me the names of the
> > machines that were logged into, I can probably tell you what accounts
> > opened the connections to them from nerd-xing, but you should probably
> > also ask around and see if anyone who has root access to those machines
> > used it last night will logged into nerd-xing.
> >
> > Garry
--
Tom Cavin Phone: (617) 258 - 7806
WCCF Computer Operations Manager Email: tec@ai.mit.edu