Gregory Machin wrote: > Hi. > I'm seeing a lot of entries in /var/log/audit/audit.log > acct=28756E6B6E6F776E207573657229 , which apparently means unknown user . > > Sample from the logs : > type=USER_LOGIN msg=audit(1370998250.746:1622709): user pid=16762 uid=0 > auid=4294967295 ses=4294967295 msg='op=login > acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? > addr=127.0.0.1 terminal=ssh res=failed' > > How do I track down what is causing this ? Thus far I have has not luck > using the pid with ps or lsof as it seems the process has gone by the > time I respond to the log entries. it looks like a failed login attempt through ssh, but I would check /var/log/secure which may be more explicit _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos
Re: Audit logs containing 28756E6B6E6F776E207573657229
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- To: CentOS mailing list <centos@xxxxxxxxxx>
- Subject: Re: Audit logs containing 28756E6B6E6F776E207573657229
- From: Nicolas Thierry-Mieg <Nicolas.Thierry-Mieg@xxxxxxx>
- Date: Wed, 12 Jun 2013 11:40:26 +0200
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <51B7C94B.60209@gmail.com>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 SeaMonkey/2.16.2
- Follow-Ups:
- Re: Audit logs containing 28756E6B6E6F776E207573657229
- From: Gregory Machin
- Re: Audit logs containing 28756E6B6E6F776E207573657229
- References:
- Audit logs containing 28756E6B6E6F776E207573657229
- From: Gregory Machin
- Audit logs containing 28756E6B6E6F776E207573657229
- Prev by Date: Re: Unable to change runlevel at boot time
- Next by Date: Re: CESA-2013:0898 & CEBA-2013:0902, centos 5.9 repodata not pushed?
- Previous by thread: Audit logs containing 28756E6B6E6F776E207573657229
- Next by thread: Re: Audit logs containing 28756E6B6E6F776E207573657229
- Index(es):
 |