We have updated the PBX to the latest version and got a security alarm raised that a new user was created.
Looking at the secure logs we see:
Jun 15 03:40:22 abcpbx.hostname useradd[379645]: new user: name=dnsmasq, UID=109, GID=65534, home=/var/lib/misc, shell=/usr/sbin/nologin, from=/dev/pts/1
Jun 15 03:40:22 abcpbx.hostname usermod[379652]: change user 'dnsmasq' password
Jun 15 03:40:23 abcpbx.hostname chage[379659]: changed password expiry for dnsmasq
Jun 15 03:40:23 abcpbx.hostname chfn[379663]: changed user 'dnsmasq' information
What is this user? Why was it added?