On Sun, Mar 22, 2015 at 11:29:21PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Mar 20, 2015 at 02:14:38PM +, Richard W.M. Jones wrote:
> > Message from syslogd@trick at Mar 20 14:13:46 ...
> > journal: pid=2038 uid=0 auid=1000 ses=2
> > subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg
On Fri, Mar 20, 2015 at 02:14:38PM +, Richard W.M. Jones wrote:
> Message from syslogd@trick at Mar 20 14:13:46 ...
> journal: pid=2038 uid=0 auid=1000 ses=2
> subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server
> fp=SHA256:5e:91:96:9b:d3:3c:42:5c:21:e8:fe:8e:4c:c6:a8:ef
My original aim with the message to devel@ was to find out what
component to file the BZ against. I've filed it now, against rsyslog
for the moment:
https://bugzilla.redhat.com/show_bug.cgi?id=1204217
and I will follow up in there with the additional information you
requested.
Thanks, Rich.
--
On Fri, Mar 20, 2015 at 03:35:37PM +0100, Tomas Heinrich wrote:
> Spamming shells was traditionally the domain of syslogd. In
> /etc/rsyslog.conf, there's this line:
>
> *.emerg :omusrmsg:*
Yup, that exists.
Note I've not changed /etc/rsyslog.conf from the default configuration.
> You can try co
I'm not even sure what component I would file this bug against, but
since a few days ago, something in Rawhide is causing every ssh
terminal, console etc to get spammed with SELinux audit messages.
Simply ssh-ing to the box gives you:
$ ssh trick
Message from syslogd@trick at Mar 20 14:13:46 ..
