Created
December 11, 2015 18:25
-
-
Save KLuka/2ed26727c1f1ce7679cb to your computer and use it in GitHub Desktop.
/bin/login bug
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Dec 11 13:23:15 localhost.localdomain audit[10110]: <audit-1100> pid=10110 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=pam_unix acct="liveuser" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[10110]: <audit-1101> pid=10110 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_unix acct="liveuser" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain sudo[10110]: liveuser : TTY=pts/2 ; PWD=/home/liveuser ; USER=root ; COMMAND=/bin/login liveuser | |
| Dec 11 13:23:15 localhost.localdomain audit[10110]: <audit-1123> pid=10110 uid=1000 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='cwd="/home/liveuser" cmd=6C6F67696E206C69766575736572 terminal=pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[10110]: <audit-1110> pid=10110 uid=0 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain sudo[10110]: pam_unix(sudo:session): session opened for user root by liveuser(uid=0) | |
| Dec 11 13:23:15 localhost.localdomain audit[10110]: <audit-1105> pid=10110 uid=0 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-1106> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-1113> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:15 localhost.localdomain sshd[9891]: Received disconnect from 192.168.1.100: 11: disconnected by user | |
| Dec 11 13:23:15 localhost.localdomain sshd[9891]: Disconnected from 192.168.1.100 | |
| Dec 11 13:23:15 localhost.localdomain sshd[9883]: error: mm_request_receive: socket closed | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-2404> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:1b:93:bb:a0:70:1d:7d:76:78:49:36:65:d4:5e:ad:d4:50:66:36:2c:25:1a:20:f2:04:70:b8:d6:b4:38:69:60 direction=? spid=9891 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-2404> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=9891 suid=1000 rport=55842 laddr=192.168.1.102 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain login[10114]: FATAL: can't reopen tty: No such file or directory | |
| Dec 11 13:23:15 localhost.localdomain sshd[9883]: pam_unix(sshd:session): session closed for user liveuser | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-1106> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="liveuser" exe="/usr/sbin/sshd" hostname=192.168.1.100 addr=192.168.1.100 terminal=ssh res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-1104> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="liveuser" exe="/usr/sbin/sshd" hostname=192.168.1.100 addr=192.168.1.100 terminal=ssh res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-2404> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:14:8d:35:ee:2b:81:fa:9e:02:a6:37:fc:7e:91:3b:65:b3:88:cd:8e:8c:c2:3a:04:b6:78:03:db:bf:11:d1:a4 direction=? spid=9883 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-2404> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:de:7e:97:80:31:d6:2b:66:b0:32:29:cd:18:29:33:77:61:e8:2c:15:63:88:c1:f1:a6:5a:67:f6:46:5a:d4:6c direction=? spid=9883 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9883]: <audit-2404> pid=9883 uid=0 auid=1000 ses=14 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:1b:93:bb:a0:70:1d:7d:76:78:49:36:65:d4:5e:ad:d4:50:66:36:2c:25:1a:20:f2:04:70:b8:d6:b4:38:69:60 direction=? spid=9883 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-1106> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.1.100 addr=192.168.1.100 terminal=ssh res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-1113> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login id=1000 exe="/usr/sbin/sshd" hostname=192.168.1.100 addr=192.168.1.100 terminal=ssh res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-2404> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=9899 suid=1000 rport=55851 laddr=192.168.1.102 lport=22 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-2404> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:1b:93:bb:a0:70:1d:7d:76:78:49:36:65:d4:5e:ad:d4:50:66:36:2c:25:1a:20:f2:04:70:b8:d6:b4:38:69:60 direction=? spid=9899 suid=1000 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain sshd[9887]: pam_unix(sshd:session): session closed for user liveuser | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-1106> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_selinux,pam_loginuid,pam_selinux,pam_namespace,pam_keyinit,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_lastlog acct="liveuser" exe="/usr/sbin/sshd" hostname=192.168.1.100 addr=192.168.1.100 terminal=ssh res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-1104> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="liveuser" exe="/usr/sbin/sshd" hostname=192.168.1.100 addr=192.168.1.100 terminal=ssh res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-2404> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:14:8d:35:ee:2b:81:fa:9e:02:a6:37:fc:7e:91:3b:65:b3:88:cd:8e:8c:c2:3a:04:b6:78:03:db:bf:11:d1:a4 direction=? spid=9887 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-2404> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:de:7e:97:80:31:d6:2b:66:b0:32:29:cd:18:29:33:77:61:e8:2c:15:63:88:c1:f1:a6:5a:67:f6:46:5a:d4:6c direction=? spid=9887 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain audit[9887]: <audit-2404> pid=9887 uid=0 auid=1000 ses=15 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:1b:93:bb:a0:70:1d:7d:76:78:49:36:65:d4:5e:ad:d4:50:66:36:2c:25:1a:20:f2:04:70:b8:d6:b4:38:69:60 direction=? spid=9887 suid=0 exe="/usr/sbin/sshd" hostname=? addr=192.168.1.100 terminal=? res=success' | |
| Dec 11 13:23:15 localhost.localdomain systemd-logind[801]: Removed session 15. | |
| Dec 11 13:23:20 localhost.localdomain sudo[10110]: pam_unix(sudo:session): session closed for user root | |
| Dec 11 13:23:20 localhost.localdomain audit[10110]: <audit-1106> pid=10110 uid=0 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_keyinit,pam_limits,pam_keyinit,pam_limits,pam_systemd,pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:20 localhost.localdomain audit[10110]: <audit-1104> pid=10110 uid=0 auid=1000 ses=14 subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_unix acct="root" exe="/usr/bin/sudo" hostname=? addr=? terminal=/dev/pts/2 res=success' | |
| Dec 11 13:23:20 localhost.localdomain systemd-logind[801]: Removed session 14. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment