We are happy to announce that Vesta is back under active development as of 25 February 2024. We are working on v1 candidate and expect to engage more with the community over the coming months. We are committed to open source, and we encourage contributors to help us build the future of Vesta.
pam_unix flood
pam_unix flood
Hey guys,
I searched the forum but only found some answers in Russian...which I'm not so great at. So I thought I'd ask in English....
In my /var/log/auth.log file, where SSH entries are logged, I'm getting a flood of pam_unix entries such as follows:
I'm not very familiar with pam or its config. How can I turn these events off, or at least redirect them? My goal is to get only ACTUAL attempts at logging in via SSH.
Using Debian 9 and the latest release of Vesta (as of 3/20/2018).
Thanks!
Brady
I searched the forum but only found some answers in Russian...which I'm not so great at. So I thought I'd ask in English....
In my /var/log/auth.log file, where SSH entries are logged, I'm getting a flood of pam_unix entries such as follows:
Code: Select all
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:03:05 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:01 SERVERNAME CRON[6596]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6598]: pam_unix(cron:session): session opened for user admin by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6597]: pam_unix(cron:session): session opened for user admin by (uid=0)
Mar 16 22:15:01 SERVERNAME CRON[6596]: pam_unix(cron:session): session closed for user root
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Mar 16 22:15:01 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:01 SERVERNAME CRON[6598]: pam_unix(cron:session): session closed for user admin
Mar 16 22:15:03 SERVERNAME sudo: pam_unix(sudo:session): session closed for user root
Mar 16 22:15:03 SERVERNAME CRON[6597]: pam_unix(cron:session): session closed for user admin
Mar 16 22:15:33 SERVERNAME sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Using Debian 9 and the latest release of Vesta (as of 3/20/2018).
Thanks!
Brady