Novell LINUX ENTERPRISE DESKTOP 11 - SECURITY GUIDE 17-03-2009 Manual page 368

Example 30.8, "An Advanced Audit Event—Login via SSH" (page 356) highlights the
audit events triggered by an incoming SSH connection. Most of the messages are related
to the PAM stack and reflect the different stages of the SSH PAM process. Several of
the audit messages carry nested PAM messages in them that signify that a particular
stage of the PAM process has been reached. Although the PAM messages are logged
by audit, audit assigns its own message type to each event:
Example 30.8 An Advanced Audit Event—Login via SSH
type=USER_AUTH msg=audit(1234877011.791:7731): user pid=26127 uid=0
auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root"
exe="/usr/sbin/sshd"
(hostname=jupiter.example.com, addr=192.168.2.100, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1234877011.795:7732): user pid=26127 uid=0
auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="root"
exe="/usr/sbin/sshd"
(hostname=jupiter.example.com, addr=192.168.2.100, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1234877011.799:7733): user pid=26125 uid=0
auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="root"
exe="/usr/sbin/sshd"
(hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0
res=success)'
type=LOGIN msg=audit(1234877011.799:7734): login pid=26125 uid=0
old auid=4294967295 new auid=0 old ses=4294967295 new ses=1172
type=USER_START msg=audit(1234877011.799:7735): user pid=26125 uid=0
auid=0 ses=1172 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd"
(hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0
res=success)'
type=USER_LOGIN msg=audit(1234877011.823:7736): user pid=26128 uid=0
auid=0 ses=1172 msg='uid=0: exe="/usr/sbin/sshd"
(hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0
res=success)'
type=CRED_REFR msg=audit(1234877011.828:7737): user pid=26128 uid=0
auid=0 ses=1172 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd"
(hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0
res=success)'
USER_AUTH: PAM reports that it has successfully requested user authentication for
root from a remote host (jupiter.example.com, 192.168.2.100). The terminal where this
is happening is ssh.

USER_ACCT: PAM reports that it has successfully determined whether the user is
authorized to log in at all.

CRED_ACQ: PAM reports that the appropriate credentials to log in have been acquired
and that the terminal changed to a normal terminal (/dev/pts/0).
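
The records of Example 30.8 can be parsed and correlated as shown here. This is an added example, not part of the Novell guide: it extracts the nested PAM stage from each record and joins the LOGIN record (where auid and ses are first assigned) to the USER_START record of the same session. The function names and the root_via_sshd flag are assumptions made for illustration, and the input is the example's records joined onto single lines.

```python
import re

# Constructed input: the seven records of Example 30.8, each joined onto the
# single line auditd writes to its log (the manual wraps them for print).
SAMPLE = """\
type=USER_AUTH msg=audit(1234877011.791:7731): user pid=26127 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="root" exe="/usr/sbin/sshd" (hostname=jupiter.example.com, addr=192.168.2.100, terminal=ssh res=success)'
type=USER_ACCT msg=audit(1234877011.795:7732): user pid=26127 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:accounting acct="root" exe="/usr/sbin/sshd" (hostname=jupiter.example.com, addr=192.168.2.100, terminal=ssh res=success)'
type=CRED_ACQ msg=audit(1234877011.799:7733): user pid=26125 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" (hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0 res=success)'
type=LOGIN msg=audit(1234877011.799:7734): login pid=26125 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=1172
type=USER_START msg=audit(1234877011.799:7735): user pid=26125 uid=0 auid=0 ses=1172 msg='op=PAM:session_open acct="root" exe="/usr/sbin/sshd" (hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0 res=success)'
type=USER_LOGIN msg=audit(1234877011.823:7736): user pid=26128 uid=0 auid=0 ses=1172 msg='uid=0: exe="/usr/sbin/sshd" (hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0 res=success)'
type=CRED_REFR msg=audit(1234877011.828:7737): user pid=26128 uid=0 auid=0 ses=1172 msg='op=PAM:setcred acct="root" exe="/usr/sbin/sshd" (hostname=jupiter.example.com, addr=192.168.2.100, terminal=/dev/pts/0 res=success)'
"""

UNSET = 4294967295  # (uint32)-1: auid/ses not yet assigned
HEADER = re.compile(r"type=(\S+) msg=audit\((\d+\.\d+):(\d+)\):")
FIELD = re.compile(r'(\w+)=("[^"]*"|[^\s,)\']+)')

def parse(line):
    """Split one audit record into a flat dict, nested PAM fields included."""
    m = HEADER.match(line)
    rec = {"type": m.group(1), "time": float(m.group(2)), "serial": int(m.group(3))}
    # LOGIN writes "old auid=.. new auid=.."; rename so both values survive.
    body = re.sub(r"\b(old|new) (auid|ses)=", r"\1_\2=", line[m.end():])
    for key, val in FIELD.findall(body):
        rec.setdefault(key, val.strip('"'))  # first occurrence wins
    return rec

def pam_stages(records):
    """PAM stage carried by each record, in log order."""
    return [(r["type"], r["op"][4:], r["res"])
            for r in records if r.get("op", "").startswith("PAM:")]

def sessions(records):
    """Join each LOGIN record to the USER_START that opens the same session."""
    out = []
    for login in (r for r in records if r["type"] == "LOGIN"):
        start = next((r for r in records if r["type"] == "USER_START"
                      and r.get("ses") == login["new_ses"]), {})
        out.append({"ses": int(login["new_ses"]), "auid": int(login["new_auid"]),
                    "auid_was_unset": int(login["old_auid"]) == UNSET,
                    "acct": start.get("acct"), "addr": start.get("addr"),
                    "terminal": start.get("terminal"),
                    # direct root login over SSH: worth flagging in review
                    "root_via_sshd": start.get("acct") == "root"
                                     and start.get("exe") == "/usr/sbin/sshd"})
    return out

RECORDS = [parse(l) for l in SAMPLE.splitlines() if HEADER.match(l)]
```

The three PAM records written before LOGIN still carry the unset auid and ses (4294967295), so they cannot be tied to the session by ses and must be matched on pid, addr and timestamp instead.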
