Ryan
Resolved
Hi all! I'm a Technology Coordinator at a small therapeutic school. I'm new to ClearOS but loving it so far (I switched from endian firewall).

So I'm looking through the logs, specifically "secure" and I find numerous versions of the following (replace someusername with one of our 40 users - all of them seem to appear at one point or another):

Jun 25 07:12:07 firewall unix_chkpwd[3421]: check pass; user unknown
Jun 25 07:12:07 firewall unix_chkpwd[3422]: check pass; user unknown
Jun 25 07:12:07 firewall unix_chkpwd[3422]: password check failed for user (someusername)
Jun 25 07:12:07 firewall (pam_auth): pam_unix(squid:auth): authentication failure; logname= uid=23 euid=23 tty= ruser= r

My research points me in the direction of squid not being able to access /etc/shadow but I'm not sure that's really the issue. Coincidentally, or maybe not, /etc/shadow and /etc/shadow- both have permissions of 000 which is weird... right?

Anyway, anyone here have tips or explanations for uncovering the root of the above errors? They're burying any real alerts under a ton of noise.

Thanks much!

-ry
Wednesday, June 27 2012, 09:17 PM
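
One way to keep these entries from burying other alerts while the cause is investigated, as an added example that is not part of the original post: fold each squid `pam_unix` failure and the `unix_chkpwd` lines logged in the same second on the same host into per-user counts, and pass everything else through. The same-second correlation, the `triage` function name and the sshd sample line are assumptions made for this sketch.

```python
import re
from collections import Counter

# Constructed sample: the four lines quoted in the post plus one made-up sshd line.
SAMPLE = """\
Jun 25 07:12:07 firewall unix_chkpwd[3421]: check pass; user unknown
Jun 25 07:12:07 firewall unix_chkpwd[3422]: check pass; user unknown
Jun 25 07:12:07 firewall unix_chkpwd[3422]: password check failed for user (someusername)
Jun 25 07:12:07 firewall (pam_auth): pam_unix(squid:auth): authentication failure; logname= uid=23 euid=23 tty= ruser= r
Jun 25 07:13:40 firewall sshd[3500]: Failed password for invalid user admin from 192.0.2.10 port 51122 ssh2
"""

LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) (.*)$")   # timestamp, host, message
CHKPWD = re.compile(r"^unix_chkpwd\[\d+\]: (.*)$")
FAILED_USER = re.compile(r"password check failed for user \((.+)\)")
SQUID_PAM = "pam_unix(squid:auth): authentication failure"


def triage(text):
    """Return (squid_failures, failures_per_user, other_lines) for a 'secure' log."""
    parsed = [(line, LINE.match(line)) for line in text.splitlines() if line.strip()]
    # (timestamp, host) pairs at which squid logged a PAM authentication failure.
    squid_keys = {m.group(1, 2) for _, m in parsed if m and SQUID_PAM in m.group(3)}
    failures, users, other = 0, Counter(), []
    for line, m in parsed:
        if not m:                      # unparseable lines are never hidden
            other.append(line)
            continue
        ts, host, msg = m.groups()
        if SQUID_PAM in msg:
            failures += 1
            continue
        chk = CHKPWD.match(msg)
        if chk and (ts, host) in squid_keys:
            # Helper output belonging to a squid failure: count the user, drop the line.
            user = FAILED_USER.search(chk.group(1))
            if user:
                users[user.group(1)] += 1
            continue
        other.append(line)             # anything else stays visible
    return failures, users, other


if __name__ == "__main__":
    failures, users, other = triage(SAMPLE)
    print(f"squid auth failures: {failures}, by user: {dict(users)}")
    print("\n".join(other))
```

A `unix_chkpwd` line with no squid failure in the same second is left in the pass-through output, so failures from other services are not swallowed.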