Re: getgroup invalid argument in /var/adm/messages

From: Ramin Dousti (ramin_at_cannon.eng.us.uu.net)
Date: 07/24/03

  • Next message: Schubert, John [NTWK SVCS]: "RE: getgroup invalid argument in /var/adm/messages"
    Date: Thu, 24 Jul 2003 16:05:43 -0400
    To: djtech@djtech.org
    
    

    I might be wrong but I don't think its a matter of "sshd" belonging to what
    groups. It's the user who is logging into the machine, for whom a forked sshd
    is running, belonging to what groups. (I hope my statement is grammatically
    correct ;-)

    Ramin

    On Thu, Jul 24, 2003 at 03:17:20PM -0400, djtech@djtech.org wrote:

    > Sounds like SSH is doing its job then. To see how many groups sshd is in use
    > this cmd:
    >
    > grep -v ^# /etc/group|grep sshd|wc -l
    >
    > Quoting "Schubert, John [NTWK SVCS]" <jschub01@sprintspectrum.com>:
    >
    > > The only assigned groups I'm aware of are the GID assigned within /etc/group.
    > > I decided to take a look at the server's /etc/group file and was astounded.
    > > Their group file was thousands of lines long, with dozens blank or containing
    > > only a single name for a group. I have a script that we built for rogue
    > > systems which we were taking over sys admin duties that also have a group
    > > file out of control. So I will run this script and see if the nagging alarm
    > > goes away.
    > >
    > > There were so many lines, I couldn't tell you how many groups are in the
    > > file. I would estimate 18-25.
    > >
    > > Thanks..
    > > John
    >


  • Next message: Schubert, John [NTWK SVCS]: "RE: getgroup invalid argument in /var/adm/messages"

    Relevant Pages

    • Some new SSH exploit script?
      ... My SSHd is getting HAMMERED today, ... Download FREE whitepaper on how a managed service can ...
      (Pen-Test)
    • Re: How to start rc script after sshd starts?
      ... What is the recommended way to get this script to start after sshd has ... matters, the daemon is smokeping. ... Another option is to create a dummy script: ...
      (freebsd-stable)
    • Re: SSH Solaris
      ... and just call an external script to send you ... If you are not running the sshd ... managed by inetd. ... First, each connection is a new instance of the sshd daemon, so it ...
      (comp.security.ssh)
    • Re: [PATCH] Re: /etc/rc.d/sshd : "kldload random" missing?
      ... >>which sshd depends on (and others if they're found ... > script already.. ... Do You Yahoo!? ... Mail has the best spam protection around ...
      (freebsd-stable)
    • Re: script kiddies or something worse? how can i tell
      ... > i get regularly with an obviously script based ... > the sshd port of the main server, ... but I had to leave ssh open for various ... As the system admin, you need to evaluate the risk. ...
      (comp.os.linux.security)