pam_unix flood
pam_unix flood
Hey guys,
I searched the forum but only found some answers in Russian...which I'm not so great at. So I thought I'd ask in English....
In my /var/log/auth.log file, where SSH entries are logged, I'm getting a flood of pam_unix entries such as follows:
I'm not very familiar with pam or its config. How can I turn these events off, or at least redirect them? My goal is to get only ACTUAL attempts at logging in via SSH.
Using Debian 9 and the latest release of Vesta (as of 3/20/2018).
Thanks!
Brady
I searched the forum but only found some answers in Russian...which I'm not so great at. So I thought I'd ask in English....
In my /var/log/auth.log file, where SSH entries are logged, I'm getting a flood of pam_unix entries such as follows:
Code: Select all
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:01 SERVERNAME CRON[6596]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6598]: pam_unix(cron:session): session opened for user admin by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6597]: pam_unix(cron:session): session opened for user admin by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6596]: pam_unix(cron:session): session closed for user root
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:01 SERVERNAME CRON[6598]: pam_unix(cron:session): session closed for user admin
Mar 16 22:15:03 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:03 SERVERNAME CRON[6597]: pam_unix(cron:session): session closed for user admin
Mar 16 22:15:33 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Using Debian 9 and the latest release of Vesta (as of 3/20/2018).
Thanks!
Brady