On Fri, Aug 21, 2015 at 5:32 PM, Marco Calistri
Hello,
I'm monitoring the /var/log/messages and I noticed this kind of warning (there are many similar):
2015-08-21T11:16:05.451779-03:00 linux-turion64 kernel: [ 9894.977105] audit: type=2404 audit(1440166565.450:788): pid=4260 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=ec:a9:63:90:61:bf:ea:53:d3:1b:fa:c3:38:da:ff:cc [MD5] direction=? spid=4260 suid=0 exe="/usr/sbin/sshd" hostname=? addr=125.121.146.24 terminal=? res=success'
Have I to be worried?
As far as I know, this is an audit message logged by sshd when it destroys run-time session keys. So if the IP or the fact of a remote connection is not expected, it may mean someone is probing your server.
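Added example, not part of the original thread: one way to check whether the peers behind these records are expected is to pull the `addr=` field out of every `type=2404` sshd record and count the addresses that fall outside the networks you normally log in from. The sample records, the function names and the "expected" network below are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed records shaped like the line quoted above (same type, op, kind, exe).
# Addresses and fingerprint are made up; 203.0.113.0/24 is a documentation range.
_TEMPLATE = (
    "2015-08-21T11:16:0{n}.000000-03:00 host kernel: [ 9894.97710{n}] audit: type=2404 "
    "audit(1440166565.450:78{n}): pid=4260 uid=0 auid=4294967295 ses=4294967295 "
    "msg='op=destroy kind=server fp=00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff [MD5] "
    'direction=? spid=4260 suid=0 exe="/usr/sbin/sshd" hostname=? addr={addr} '
    "terminal=? res=success'"
)
SAMPLE_LOG = "\n".join(
    [_TEMPLATE.format(n=i, addr=a)
     for i, a in enumerate(["203.0.113.24", "192.168.1.10", "203.0.113.24", "?"])]
    + ["2015-08-21T11:16:09.000000-03:00 host kernel: [ 9895.000000] usb 1-1: new device"]
)

RECORD = re.compile(r"audit: type=2404 .*?msg='([^']*)'")
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')  # key=value or key="quoted value"


def sshd_key_events(text):
    """Yield the msg fields (as a dict) of each type=2404 record emitted by sshd."""
    for line in text.splitlines():
        m = RECORD.search(line)
        if not m:
            continue  # not an audit record of this type
        fields = {k: v.strip('"') for k, v in FIELD.findall(m.group(1))}
        if fields.get("exe", "").endswith("/sshd"):
            yield fields


def unexpected_peers(text, expected_nets):
    """Count sshd key events per remote address outside expected_nets."""
    nets = [ipaddress.ip_network(n) for n in expected_nets]
    counts = Counter()
    for fields in sshd_key_events(text):
        try:
            addr = ipaddress.ip_address(fields.get("addr", "?"))
        except ValueError:
            continue  # addr=? means no remote peer was recorded
        if not any(addr in net for net in nets):
            counts[str(addr)] += 1
    return counts


if __name__ == "__main__":
    # Assumption: 192.168.1.0/24 is where legitimate logins come from.
    for peer, n in unexpected_peers(SAMPLE_LOG, ["192.168.1.0/24"]).most_common():
        print(f"{peer}\t{n} sshd key events from an unexpected address")
```

To run it on a real host, pass the contents of /var/log/messages instead of `SAMPLE_LOG` and list your own networks.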