[leglug-users] mysql shell ??!
Naim Abu Darwish
naim.abu.darwish at gmail.com
Mon Jun 18 17:52:18 EDT 2007
hello,
I have a machine that i use for testing, putting all sorts of stuff on before moving to production enviroment. Looking through log files the other day, i found this in /var/log/mysql.log ::
/bin/sh: root: command not found
/bin/sh: root: command not found
/bin/sh: root: command not found
/bin/sh: root: command not found
Something is trying to use mysql user to get a shell, something that should not have a shell.
Thats only normal because the entry for the mysql user in /etc/passwd is ::
mysql:x:60:60:added by portage for mysql:/dev/null:/bin/false
The only way i can think of to further trace what causes this issue is to try to find what files the mysql user owns, and who,what,when, how .. is trying to get a shell.
find / -path '/proc' -prune -o -path '/dev' -prune -o -type f -user mysql, lsof, netstat etc etc ..
Long story short, i could not trace what was causing issue, but im interested in possible scenarios of how this might have started in the first place.
--
Naim Abu Darwish <naim.abu.darwish at gmail.com>
More information about the leglug-users
mailing list