[Bug 2245] Multiple USER_LOGIN messages when linux audit support is enabled on bad login
bugzilla-daemon at mindrot.org
bugzilla-daemon at mindrot.org
Fri Jun 13 08:34:56 EST 2014
https://bugzilla.mindrot.org/show_bug.cgi?id=2245
--- Comment #2 from Laurent Bigonville <l.bigonville at edpnet.be> ---
Correction on Fedora, with an unknown user, I'm getting 2 messages when
using an unknown user (not sure this is actually expected)
The 1st one immediately on connection
type=USER_LOGIN msg=audit(1402612040.555:407): pid=1980 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=?
addr=192.168.122.1 terminal=ssh res=failed'
The 2nd when the connection is closed (ctrl-c on the client side)
type=USER_LOGIN msg=audit(1402612042.009:412): pid=1980 uid=0
auid=4294967295 ses=4294967295
subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login
acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=?
addr=192.168.122.1 terminal=ssh res=failed'
But I can confirm that with an existing user and a wrong password, I'm
only seeing one message at the end of the connection (either reached
the number of max retry or by closing the connection)
--
You are receiving this mail because:
You are watching the assignee of the bug.
More information about the openssh-bugs
mailing list