Last active
July 3, 2023 10:47
-
-
Save adriansr/2bc5b1f6688b430cacd5d04261c096a6 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# local login failed | |
"type=USER_AUTH msg=audit(1553622768.697:628): pid=6261 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=failed'" | |
"type=USER_LOGIN msg=audit(1553622768.697:629): pid=6261 uid=0 auid=1002 ses=40 msg='op=login acct=\"root\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=failed'" | |
# local login succeeded | |
"type=USER_AUTH msg=audit(1553622784.557:630): pid=6261 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"adrian\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=success'" | |
"type=USER_LOGIN msg=audit(1553622784.973:634): pid=6261 uid=0 auid=1002 ses=40 msg='op=login acct=\"adrian\" exe=\"/bin/login\" hostname=? addr=? terminal=/dev/pts/1 res=success'" | |
# SSH from remote | |
"type=USER_LOGIN msg=audit(1553621402.493:548): pid=5858 uid=0 auid=1000 ses=37 msg='op=login id=1000 exe=\"/usr/sbin/sshd\" hostname=10.0.2.2 addr=10.0.2.2 terminal=/dev/pts/1 res=success'" | |
# SSH from local, failure | |
"type=USER_AUTH msg=audit(1553621419.693:549): pid=5936 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct=\"root\" exe=\"/usr/sbin/sshd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=failed'" | |
"type=USER_LOGIN msg=audit(1553621419.693:550): pid=5936 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=\"root\" exe=\"/usr/sbin/sshd\" hostname=? addr=127.0.0.1 terminal=sshd res=failed'" | |
# SSH from local, success | |
"type=USER_AUTH msg=audit(1553621439.149:551): pid=5941 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct=\"adrian\" exe=\"/usr/sbin/sshd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=ssh res=success'" | |
"type=USER_LOGIN msg=audit(1553621439.633:561): pid=5941 uid=0 auid=1002 ses=38 msg='op=login id=1002 exe=\"/usr/sbin/sshd\" hostname=127.0.0.1 addr=127.0.0.1 terminal=/dev/pts/2 res=success'" | |
# SSH from remote, key failed | |
"type=USER_LOGIN msg=audit(1553621480.001:567): pid=6036 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=\"adrian\" exe=\"/usr/sbin/sshd\" hostname=? addr=10.0.2.2 terminal=sshd res=failed'" | |
# ... then fail password | |
"type=USER_AUTH msg=audit(1553621498.857:568): pid=6036 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct=\"adrian\" exe=\"/usr/sbin/sshd\" hostname=10.0.2.2 addr=10.0.2.2 terminal=ssh res=failed'" | |
"type=USER_LOGIN msg=audit(1553621498.857:569): pid=6036 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=\"adrian\" exe=\"/usr/sbin/sshd\" hostname=? addr=10.0.2.2 terminal=sshd res=failed'" | |
# ... then right password | |
"type=USER_AUTH msg=audit(1553621512.245:570): pid=6036 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct=\"adrian\" exe=\"/usr/sbin/sshd\" hostname=10.0.2.2 addr=10.0.2.2 terminal=ssh res=success'" | |
"type=USER_LOGIN msg=audit(1553621512.681:580): pid=6036 uid=0 auid=1002 ses=40 msg='op=login id=1002 exe=\"/usr/sbin/sshd\" hostname=10.0.2.2 addr=10.0.2.2 terminal=/dev/pts/1 res=success'" | |
# su - failure | |
"type=USER_AUTH msg=audit(1553621536.361:581): pid=6129 uid=1002 auid=1002 ses=40 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=/dev/pts/1 res=failed'" | |
# sudo failure | |
"type=USER_AUTH msg=audit(1553621549.941:583): pid=6130 uid=1002 auid=1002 ses=40 msg='op=PAM:authentication acct=\"adrian\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=/dev/pts/1 res=failed'" | |
"type=USER_AUTH msg=audit(1553621555.529:584): pid=6130 uid=1002 auid=1002 ses=40 msg='op=PAM:authentication acct=\"adrian\" exe=\"/usr/bin/sudo\" hostname=? addr=? terminal=/dev/pts/1 res=failed'" | |
# su <username> | |
"type=USER_AUTH msg=audit(1553621598.789:587): pid=6138 uid=1002 auid=1002 ses=40 msg='op=PAM:authentication acct=\"vagrant\" exe=\"/bin/su\" hostname=? addr=? terminal=/dev/pts/1 res=success'" | |
# sudo <something> success | |
(nothing) | |
# sudo su | |
"type=USER_AUTH msg=audit(1553621630.597:599): pid=6154 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=/dev/pts/1 res=success'" | |
# sudo su - | |
"type=USER_AUTH msg=audit(1553621645.241:611): pid=6167 uid=0 auid=1002 ses=40 msg='op=PAM:authentication acct=\"root\" exe=\"/bin/su\" hostname=? addr=? terminal=/dev/pts/1 res=success'" | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment