On 08/21/2015 07:32 AM, Marco Calistri wrote:
Hello,
I'm monitoring the /var/log/messages and I noticed this kind of warning (there are many similar):
2015-08-21T11:16:05.451779-03:00 linux-turion64 kernel: [ 9894.977105] audit: type=2404 audit(1440166565.450:788): pid=4260 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=ec:a9:63:90:61:bf:ea:53:d3:1b:fa:c3:38:da:ff:cc [MD5] direction=? spid=4260 suid=0 exe="/usr/sbin/sshd" hostname=? addr=125.121.146.24 terminal=? res=success'
Have I to be worried?
I'm not familiar with that particular message, but the fact that 125.121.146.24 is in China would make me very nervous! It's also blackholed by spamhaus. Do the other warnings reference the same IP? Are you running sshd? Are you seeing any "sshd" entries in /var/log/messages? Regards, Lew -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org