Question/concern about bsm auditing option on solaris
Darren Tucker
dtucker at zip.com.au
Fri Mar 4 07:06:56 EST 2005
Matt Goebel wrote:
> I downloaded and compiled the Mar 2, 2005 snapshot and compiled it with
> bsm auditing for solaris turned on. I've been noticing about a dozen or
> so of the following messages per day now. Not sure exactly what it is, or
> if it is a big issue.
>
> Mar 3 13:46:10 machine_name sshd[15298]: [ID 800047 auth.crit] fatal: mm_request_send: write
If that message is preceded by "unpermitted request 56" or similar then I
think I know what it is: something is causing an audit event before the
monitor has allowed them. I suspect it's a connection that is
disconnected without supplying a username, or which supplies a username
but does not attempt any auth methods.
Please try this patch.
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-bsm-monitor.patch
Url: http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20050304/e34e833f/attachment.ksh
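
An added triage example (not part of the original message or of OpenSSH): it checks whether each `fatal: mm_request_send: write` line in a syslog extract is preceded by an "unpermitted request N" line, the pattern the reply above describes. The first and third sample lines are constructed, including the `monitor_read:` prefix; matching is by host and a two-second window rather than by PID, on the assumption that the two messages can come from different sshd processes.

```python
import re
from datetime import datetime, timedelta

# Syslog layout as in the quoted line:
#   "Mar 3 13:46:10 host sshd[pid]: [ID n facility.level] message"
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(?P<host>\S+)\s+"
    r"sshd\[(?P<pid>\d+)\]:\s+(?:\[ID \d+ \S+\]\s+)?(?P<msg>.*)$")
UNPERMITTED = re.compile(r"unpermitted request (\d+)")
WRITE_FATAL = "fatal: mm_request_send: write"

# Line 2 is the message quoted in the thread; lines 1 and 3 are constructed.
SAMPLE = """\
Mar 3 13:46:10 machine_name sshd[15297]: [ID 800047 auth.crit] fatal: monitor_read: unpermitted request 56
Mar 3 13:46:10 machine_name sshd[15298]: [ID 800047 auth.crit] fatal: mm_request_send: write
Mar 3 14:02:31 machine_name sshd[15410]: [ID 800047 auth.crit] fatal: mm_request_send: write
"""

def parse(line, year=2005):
    """Return (timestamp, host, pid, message) or None for non-sshd lines.
    Syslog omits the year, so it is supplied by the caller (assumption)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], int(m["pid"]), m["msg"]

def triage(lines, window=timedelta(seconds=2)):
    """For every write fatal, report (pid, request number) when an
    'unpermitted request' line from the same host precedes it within
    the window, or (pid, None) when nothing precedes it."""
    recent = {}   # host -> [(timestamp, request number), ...]
    results = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, host, pid, msg = rec
        hit = UNPERMITTED.search(msg)
        if hit:
            recent.setdefault(host, []).append((ts, int(hit.group(1))))
        elif msg.startswith(WRITE_FATAL):
            reqs = [r for t, r in recent.get(host, [])
                    if timedelta(0) <= ts - t <= window]
            results.append((pid, reqs[-1] if reqs else None))
    return results

if __name__ == "__main__":
    for pid, req in triage(SAMPLE.splitlines()):
        print(pid, "preceded by unpermitted request" if req else "no preceding request", req or "")
```

Entries reported with `None` do not match the pattern described in the reply and need a separate look.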