[ale] Have I been hacked?
Mark Wright
mark_wright at bellsouth.net
Thu Jan 8 21:36:46 EST 2009
On Jan 8, 2009, at 9:25 PM, Brian Pitts wrote:
> On Thu, 2009-01-08 at 21:11 -0500, Mark Wright wrote:
>
>>
>>
>> A quick restart fixed the keyboard. My remaining question is does
>> the entry in /var/log/auth.log indicate trouble? It shows some
>> authorization action involving my userid at 7:30 this morning
>> while I was on the road to Norcross. I don't know if this normal.
>>
>>
>> See the log below.
>>
>>
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ;
>> PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/
>> http_proxy/use_http_proxy
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session):
>> session opened for user mark by (uid=0)
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session):
>> session closed for user mark
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ;
>> PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/
>> http_proxy/host
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session):
>> session opened for user mark by (uid=0)
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session):
>> session closed for user mark
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: root : TTY=unknown ;
>> PWD=/ ; USER=mark ; COMMAND=/usr/bin/gconftool --get /system/
>> http_proxy/port
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session):
>> session opened for user mark by (uid=0)
>> Jan 7 07:35:02 Gateway-Ubuntu sudo: pam_unix(sudo:session):
>> session closed for user mark
>
> This is normal. It's caused by the script /etc/cron.daily/apt
>
Thanks, I didn't look nefarious but all the other weirdness had me
worried.
More information about the Ale
mailing list