Vesta Control Panel - Forum

Community Forum

Skip to content

Advanced search
  • Quick links
    • Main site
    • Github repo
    • Google Search
  • FAQ
  • Login
  • Register
  • Board index Main Section Web Server
  • Search

pam_unix flood

Questions regarding the Web Server
Apache + Nginx, Nginx + PHP5-FPM
Post Reply
  • Print view
Advanced search
1 post • Page 1 of 1
br5dy
Posts: 11
Joined: Wed Nov 23, 2016 9:19 pm

Os: Debian 8x
Web: apache + nginx
pam_unix flood
  • Quote

Post by br5dy » Thu Mar 22, 2018 5:58 am

Hey guys,

I searched the forum but only found some answers in Russian...which I'm not so great at. So I thought I'd ask in English....

In my /var/log/auth.log file, where SSH entries are logged, I'm getting a flood of pam_unix entries such as follows:

Code: Select all

Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:01 SERVERNAME CRON[6596]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6598]: pam_unix(cron:session): session opened for user admin by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6597]: pam_unix(cron:session): session opened for user admin by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6596]: pam_unix(cron:session): session closed for user root
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:01 SERVERNAME CRON[6598]: pam_unix(cron:session): session closed for user admin
Mar 16 22:15:03 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:03 SERVERNAME CRON[6597]: pam_unix(cron:session): session closed for user admin
Mar 16 22:15:33 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
I'm not very familiar with pam or its config. How can I turn these events off, or at least redirect them? My goal is to get only ACTUAL attempts at logging in via SSH.

Using Debian 9 and the latest release of Vesta (as of 3/20/2018).

Thanks!
Brady
Top
Post Reply
  • Print view
1 post • Page 1 of 1

Return to “Web Server”



  • Board index
  • All times are UTC
  • Delete all board cookies
  • The team
Powered by phpBB® Forum Software © phpBB Limited
*Original Author: Brad Veryard
*Updated to 3.2 by MannixMD
 

 

Login  •  Register

I forgot my password