Security question regarding root email

Jeff Vian jvian10 at charter.net
Wed Jan 4 02:26:48 UTC 2006 

On Mon, 2006-01-02 at 07:14 -0700, Craig White wrote:
> On Mon, 2006-01-02 at 07:21 -0600, Charles Howse wrote:
> > > On 1/1/06, John Summerfied <debian at herakles.homelinux.org> wrote:
> > >> Dotan Cohen wrote:
> > >>> I haven't read root's email in about a month. Now that I get around to
> > >>> it, I am suprised to see things that I have never seen before, such
> > >>> as:
> > >>>  --------------------- pam_unix Begin ------------------------
> > >>>  kde-np:
> > >>>     Unknown Entries:
> > >>>        session opened for user dotancohen by (uid=0): 1 Time(s)
> > >>>  ---------------------- pam_unix End -------------------------
> > >>> 
> > >>>  --------------------- Smartd Begin ------------------------
> > >>>  **Unmatched Entries**
> > >>>  smartd received signal 15: Terminated
> > >>>  smartd is exiting (exit status 0)
> > >>>  ---------------------- Smartd End -------------------------
> > >>> 
> > >>>  --------------------- Selinux Audit Begin ------------------------
> > >>>   Number of audit daemon starts: 1
> > >>>   Number of audit daemon stops: 2
> > >>>  *** Logs which could mean a bug ***
> > >>>     major=252 name_count=0: freeing multiple contexts (1)
> > >>>     major=113 name_count=0: freeing multiple contexts (2)
> > >>>  ---------------------- Selinux Audit End -------------------------
> > >>> 
> > >>>  --------------------- SSHD Begin ------------------------
> > >>>  SSHD Killed: 1 Time(s)
> > >>>  SSHD Started: 1 Time(s)
> > >> Normal restart stuff here and in some other places.
> > >> 
> > > 
> > > Do you mean that this is logged when the computer restarts? Because I
> > > have never restarted SSH.
> > 
> > Yes, logged when computer restarts.
> > 
> ----
> No - I don't think so.
> 
> a yum update probably updated openssh and part of the the install script
> is to restart sshd
> 
> Craig
> 

It most assuredly is logged with a reboot.  I have systems that I reboot
without an update involved and this gets logged _every_ time.

It also gets logged at other times as well (such as when the daemon gets
restarted during an update).

More information about the fedora-list mailing list