I've just (15.Aug) completed a bigger yum update. Afterwards I made a system shutdown and boot for some other reason and now I can see few log messages in /var/log/secure that I don't know what they are:
Aug 15 14:08:36 jupiter groupadd[6493]: group added to /etc/group: name=stapsys, GID=157
Aug 15 14:08:36 jupiter groupadd[6493]: group added to /etc/gshadow: name=stapsys
Aug 15 14:08:36 jupiter groupadd[6493]: new group: name=stapsys, GID=157
Aug 15 14:08:38 jupiter useradd[6503]: failed adding user 'mysql', data deleted
Aug 15 14:08:47 jupiter useradd[6532]: failed adding user 'tcpdump', data deleted
(jupiter is my hostname)
What is this stapsys ? and why did the process try to add mysql and tcpdump user (All of this happened during boot automatically)
Should i worry? Thanks in advance to anyone for some hint...
Suspicious log message - stapsys ?
Suspicious log message - stapsys ?
stapsys is a user associated with the systemtap package. All those messages were probably produced during the yum update - many packages have pre and post install scripts that user useradd and groupadd to set up the users that they will run with.