Results 1 to 4 of 4

Thread: Weird message in syslog: (root) LIST (nobody)

  1. #1
    Join Date
    Jun 2012
    Beans
    310

    Weird message in syslog: (root) LIST (nobody)

    I've seen this weird message in syslog:

    Code:
    Dec 16 13:28:46 ubuntu-desktop /usr/bin/crontab[20278]: (root) LIST (nobody)
    that (nobody) looked out of context,so I've examined other logs and found that it matches time-wise exactly this event:

    Dec 16 13:28:46 ubuntu-desktop sudo: ubuntu : TTY=pts/10 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/sbin/chkrootkit
    which I can attribute to myself launching (as root) the rkhunter --update command,if memory serves:so what was going on exactly ?

    Both rkhunter and chrootkit report no issues and nmap doesn't find any unusual ports open,auth.log did not show other users logged and besides ssh is not installed as I don't need it.
    So what does that (nobody) stand for ?

  2. #2
    Soul-Sing is offline Chocolate-Covered Ubuntu Beans
    Join Date
    Aug 2006
    Beans
    1,374
    Distro
    Ubuntu 13.04 Raring Ringtail

    Re: Weird message in syslog: (root) LIST (nobody)

    I am on lubuntu (now) It has to do with the /etc/lightdm/'custom users'
    or in ubuntu gnome /etc/gdm/'custum users'
    There are user1,user2 and nobody in this file.
    Maybe disabling guestaccounts will solve this for ya.

  3. #3
    Join Date
    Oct 2007
    Beans
    338

    Re: Weird message in syslog: (root) LIST (nobody)

    In many Unix variants, "nobody" is the conventional name of a user account which owns no files, is in no privileged groups, and has no abilities except those which every other user has.

    It is common to run daemons as nobody, especially servers, in order to limit the damage that could be done by a malicious user who gained control of them.

  4. #4
    Join Date
    Jun 2012
    Beans
    310

    Re: Weird message in syslog: (root) LIST (nobody)

    So,keeping in mind that this is not a server but just a home computer with a single user account (mine,obviously) we could chalk that up to the system performing some maintenance task or routine check ?

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •