pam_unix(cron:session): session opened for user root

[동우]

단순하게 오류 인줄 알았는대 해킹 당한 것 같다 ㅠㅠ..

http://www.howtoforge.com/forums/archive/index.php/t-18806.html

Dec 29 06:25:01 dragon su[30607]: Successful su for nobody by root
Dec 29 06:25:01 dragon su[30607]: + ??? root:nobody
Dec 29 06:25:01 dragon su[30607]: (pam_unix) session opened for user nobody by (uid=0)
Dec 29 06:25:01 dragon su[30607]: (pam_unix) session closed for user nobody
Dec 29 06:25:01 dragon su[30609]: Successful su for nobody by root
Dec 29 06:25:01 dragon su[30609]: + ??? root:nobody
Dec 29 06:25:01 dragon su[30609]: (pam_unix) session opened for user nobody by (uid=0)
Dec 29 06:25:01 dragon su[30609]: (pam_unix) session closed for user nobody
Dec 29 06:25:01 dragon su[30611]: Successful su for nobody by root
Dec 29 06:25:01 dragon su[30611]: + ??? root:nobody
Dec 29 06:25:01 dragon su[30611]: (pam_unix) session opened for user nobody by (uid=0)
Dec 29 06:25:03 dragon su[30611]: (pam_unix) session closed for user nobody

http://serverfault.com/questions/225744/pam-unixcronsession-session-opened-for-user-root-by-uid-0
find /etc/ -type f -exec grep -E "^28[ \t]" {} \; -print

http://www.linux.co.kr/home2/board/subbs/board.php?bo_table=linuxserver&wr_id=34577&page=
그냥 백업 프로그램이라고 -_-;;

crontab -l

구글에 검색 해보니 해킹이다 머다 하는대 그냥 백업 프로그램 돌아 가면 나타 나는 현상 같네요..

cd /etc/xdg/autostart
sudo sed --in-place 's/NoDisplay=true/NoDisplay=false/g' *.desktop

해서 백업 제거 하면 되고..

vi /etc/crontab

vi /etc/cron.d/anacron
안쓰는 알람 제거
dd

wq

해서 제거 해도 될 듯 하네요