What does this AVC means

All the general questions related to AVC / SYSCALL / Policy / Boolean

Moderator: xeont

Postby pri » Thu May 29, 2014 8:56 am

Hi,

How to read this log message?

type=CRYPTO_KEY_USER msg=audit(1401283789.302:238081): user pid=12718 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=f2:d2:d5:63:9c:9f:59:e2:64:ca:45:4c:e0:54:c6:c3 direction=? spid=12718 suid=0 exe="/usr/sbin/sshd" hostname=? addr=xxx.xx.xxx.xxx terminal=? res=success'

Did anyone log in to SSH? As root?

How do I find the time and date from this?

Thank you
pri
 
Posts: 3
Joined: Wed Aug 14, 2013 6:22 am

Re: What does this AVC means

Postby dpquigl » Thu May 29, 2014 10:13 am

First off, that isn't an AVC. It's just a normal audit message. You need to look up what creates audit log messages of type CRYPTO_KEY_USER. You can use ausearch -i to get a human-readable time and date for the audit record. It looks like an AVC message because it includes the subject of what caused the audit log, but it isn't actually an SELinux AVC.
dpquigl
 
Posts: 2
Joined: Wed Jul 03, 2013 8:30 pm
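
As an added example (not part of the original thread, and not code from the audit project), the record quoted in the first post can be decoded by hand in Python: the number before the colon in `audit(...)` is a Unix epoch timestamp, the `type=` field tells an AVC apart from other audit records, and 4294967295 in `auid`/`ses` is the unsigned form of -1, meaning no login UID or session is set. The function and variable names are hypothetical.

```python
import re
import shlex
from datetime import datetime, timedelta, timezone

# The record from the first post, with the address masked as it was posted.
RECORD = (
    "type=CRYPTO_KEY_USER msg=audit(1401283789.302:238081): user pid=12718 uid=0 "
    "auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 "
    "msg='op=destroy kind=server fp=f2:d2:d5:63:9c:9f:59:e2:64:ca:45:4c:e0:54:c6:c3 "
    "direction=? spid=12718 suid=0 exe=\"/usr/sbin/sshd\" hostname=? "
    "addr=xxx.xx.xxx.xxx terminal=? res=success'"
)

HEADER = re.compile(
    r"type=(?P<type>\S+) msg=audit\((?P<sec>\d+)\.(?P<ms>\d+):(?P<serial>\d+)\): (?P<body>.*)"
)
UNSET = 4294967295          # (uint32)-1: login UID / session ID not set
AVC_TYPES = {"AVC", "USER_AVC"}  # record types that are SELinux denials/grants


def parse_record(line):
    """Split one raw audit.log line into its header and key=value fields."""
    m = HEADER.match(line.strip())
    if m is None:
        raise ValueError("not an audit record")
    # User-space records carry a second, single-quoted msg='...' payload.
    outer, _, inner = m["body"].partition("msg='")
    fields = {}
    for chunk in (outer, inner.rstrip("'")):
        for token in shlex.split(chunk):      # shlex strips the quotes around exe
            if "=" in token:
                key, value = token.split("=", 1)
                fields[key] = value
    # Build the time from integer parts to avoid float rounding of the epoch.
    when = datetime.fromtimestamp(int(m["sec"]), tz=timezone.utc)
    when += timedelta(milliseconds=int(m["ms"]))
    return {
        "type": m["type"],
        "is_avc": m["type"] in AVC_TYPES,
        "time": when,
        "serial": int(m["serial"]),
        "auid_unset": int(fields.get("auid", UNSET)) == UNSET,
        "fields": fields,
    }


if __name__ == "__main__":
    rec = parse_record(RECORD)
    print(rec["type"], "AVC" if rec["is_avc"] else "not an AVC")
    print(rec["time"].isoformat(), "serial", rec["serial"])
    print("op:", rec["fields"]["op"], "exe:", rec["fields"]["exe"])
    print("auid unset:", rec["auid_unset"])
```

The time is printed in UTC, while `ausearch -i` renders it in the host's local time zone.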

Re: What does this AVC means

Postby pri » Sat May 31, 2014 2:20 am

Thank you for your reply dpquigl.

I did an ausearch -i and found the date and time.

The problem is, this is the same message I get when I log in to SSH, but I have a few of these messages from different IPs.

But when I do a

#last root

It only shows root login with my IP.

Just wondering what is going on.
pri
 
Posts: 3
Joined: Wed Aug 14, 2013 6:22 am

