lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-Id: <201109230942.p8N9gqAf021712@bari.maths.usyd.edu.au> Date: Fri, 23 Sep 2011 19:42:52 +1000 From: paul.szabo@...ney.edu.au To: full-disclosure@...ts.grok.org.uk, lists@...ckhat.bz Subject: Re: sshd logins without a source > ... I can see in each servers sshd logs an entry like the following: > Sep 22 12:57:14 test-vm sshd[25002]: pam_unix(sshd:session): session opened for user root by (uid=0) > Sep 22 12:57:32 test-vm sshd[25002]: pam_unix(sshd:session): session closed for user root > ... seems odd that there is no IP address corresponding with the > login, I can't seem to reproduce that on my test servers. I do not think that sshd normally logs its source. What do you mean that you cannot reproduce? - To produce the desired log, I added to /etc/hosts.allow the line sshd : all : spawn /usr/bin/logger -t"%d[%p]" "Connection source %h port %r" Cheers, Paul Paul Szabo psz@...hs.usyd.edu.au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists