authentication failure

Chuck Vose vosechu at gmail.com
Sat May 28 17:20:23 UTC 2005


On 5/28/05, R Kimber <rkimber at ntlworld.com> wrote:
> Each time I successfully type in the password and start synaptic or the
> update notifier, logcheck sends me a message along the lines of:-
> 
> sudo: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=
> ruser= rhost=  user=<username>

Double check the date, this might actually be someone attempting to
access (as most linux systems that are connected to the internet get
this message several times a day). Even so it isn't a big concern if
you have decent passwords on your accounts.

> Given that the failure doesn't stop anything working, what is the point
> of the message?  Is there any harm in having logcheck ignore it
> permanently?

Does it hurt you? I believe this is a case of turning something off
that doesn't hurt or help but could conceivably help someday. I would
just try to find something that's unique to your system (say, an ip)
and grep -v those lines out.

Hopefully someone else will have an idea about exactly why this is
actually happening though, maybe it's a bug that certainly seems worth
fixing (if it is indeed a bug).

-Chuck




More information about the ubuntu-users mailing list