I've been reading up on network security in Linux and one of the main items to monitor, according to the posts I read, is your system's logs (Syslog). So, I thought I would do that this morning and watch what happens after a fresh boot. Everything looked normal except for the below entry that I captured:
Process Message
Anacron[5337] Job "cron.daily" terminated (exit status: 1) (mailing output)
syslogd 1.4.1 # 21 ubuntu 3 restart
Anacron [5337] normal exit
Immediately after this, the entire syslog that was recorded during bootup and for about 5 minutes after bootup was complete - was deleted. So, fearing a security problem, I opened the anacron config file and commented out every item so that no process could run.
Was this a normal process or have I been compromised ?
Mike
					Process Message
Anacron[5337] Job "cron.daily" terminated (exit status: 1) (mailing output)
syslogd 1.4.1 # 21 ubuntu 3 restart
Anacron [5337] normal exit
Immediately after this, the entire syslog that was recorded during bootup and for about 5 minutes after bootup was complete - was deleted. So, fearing a security problem, I opened the anacron config file and commented out every item so that no process could run.
Was this a normal process or have I been compromised ?

Mike


 <br />Ham Radio Rules
<br />Ham Radio Rules

 Thanks but I have already read those. I understand what anacron is and what it is/can do. However, what does "(mailing output)" mean? What is it mailing? To whom is it mailing this data?
 Thanks but I have already read those. I understand what anacron is and what it is/can do. However, what does "(mailing output)" mean? What is it mailing? To whom is it mailing this data?
							
						
Comment