En parcourant les logs ce matin j'ai trouvé des lignes que je n'avais
jamais lues auparavant
dans /var/log/auth.log
Feb 1 06:25:01 deltamsg su[29415]: Successful su for amavis by root
Feb 1 06:25:01 deltamsg su[29415]: + ??? root:amavis
Feb 1 06:25:01 deltamsg su[29415]: (pam_unix) session opened for user
amavis by (uid=0)
Feb 1 06:25:11 deltamsg su[29415]: (pam_unix) session closed for user
amavis
Feb 1 06:25:30 deltamsg su[30085]: Successful su for nobody by root
Feb 1 06:25:30 deltamsg su[30085]: + ??? root:nobody
Feb 1 06:25:30 deltamsg su[30085]: (pam_unix) session opened for user
nobody by (uid=0)
Feb 1 06:25:30 deltamsg su[30085]: (pam_unix) session closed for user
nobody
Feb 1 06:25:30 deltamsg su[30089]: Successful su for nobody by root
Feb 1 06:25:30 deltamsg su[30089]: + ??? root:nobody
Feb 1 06:25:30 deltamsg su[30089]: (pam_unix) session opened for user
nobody by (uid=0)
Feb 1 06:25:30 deltamsg su[30089]: (pam_unix) session closed for user
nobody
Feb 1 06:25:30 deltamsg su[30091]: Successful su for nobody by root
Feb 1 06:25:30 deltamsg su[30091]: + ??? root:nobody
Feb 1 06:25:30 deltamsg su[30091]: (pam_unix) session opened for user
nobody by (uid=0)
Feb 1 06:25:42 deltamsg su[30091]: (pam_unix) session closed for user
nobody
Je précise le contexte, il s'agit d'une machine sous Debian etch qui
héberge un serveur LAMP et Mail...
Est ce que vous voyez là des raisons de s'inquiter?