I forgot: [r...@srv1 ~]# cat /var/log/secure Mar 23 10:01:04 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 23 10:01:04 srv1 login: ROOT LOGIN ON tty1 Mar 23 10:28:32 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 23 10:28:32 srv1 login: ROOT LOGIN ON tty2 Mar 23 10:28:57 srv1 login: pam_unix(login:session): session closed for user root Mar 23 10:30:17 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 23 10:30:17 srv1 login: ROOT LOGIN ON tty1 Mar 23 16:13:40 srv1 sshd[29002]: Connection closed by 192.168.2.152 Mar 23 16:53:56 srv1 sshd[29183]: Accepted password for non_root_user from 192.168.3.2 port 52901 ssh2 Mar 23 16:53:56 srv1 sshd[29183]: pam_unix(sshd:session): session opened for user non_root_user by (uid=0) Mar 23 16:54:02 srv1 su: pam_unix(su-l:session): session opened for user root by non_root_user(uid=500) Mar 23 16:53:30 srv1 su: pam_unix(su-l:session): session closed for user root Mar 23 16:53:32 srv1 sshd[29183]: pam_unix(sshd:session): session closed for user non_root_user *Mar 26 12:03:58 srv1 login: pam_unix(login:session): session closed for user root Mar 26 12:03:58 srv1 login: pam_unix(login:session): session closed for user root* Mar 26 12:05:35 srv1 sshd[2887]: Received signal 15; terminating. Mar 26 12:09:05 srv1 sshd[2896]: Server listening on :: port 2222. Mar 26 12:09:05 srv1 sshd[2896]: error: Bind to port 2222 on 0.0.0.0 failed: Address already in use. Mar 26 13:08:10 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:08:10 srv1 login: ROOT LOGIN ON tty1 Mar 26 13:14:19 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:14:19 srv1 login: ROOT LOGIN ON tty2 Mar 26 13:15:43 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:15:43 srv1 login: ROOT LOGIN ON tty3 Mar 26 13:22:35 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:22:35 srv1 login: ROOT LOGIN ON tty4 Mar 26 13:35:37 srv1 login: pam_unix(login:session): session closed for user root Mar 26 13:36:43 srv1 login: pam_unix(login:session): session closed for user root Mar 26 13:39:41 srv1 login: pam_unix(login:session): session closed for user root Mar 26 13:48:48 srv1 login: pam_unix(login:session): session closed for user root Mar 26 13:50:58 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:50:58 srv1 login: ROOT LOGIN ON tty1 Mar 26 13:51:11 srv1 login: pam_unix(login:session): session closed for user root Mar 26 13:53:13 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:53:13 srv1 login: ROOT LOGIN ON tty1 Mar 26 13:53:35 srv1 login: pam_unix(login:session): session opened for user root by LOGIN(uid=0) Mar 26 13:53:35 srv1 login: ROOT LOGIN ON tty2 Mar 26 14:16:27 srv1 login: pam_unix(login:session): session closed for user root Mar 26 14:16:32 srv1 login: pam_unix(login:session): session closed for user root Mar 26 17:41:29 srv1 sshd[8395]: Accepted password for non_root_user from 192.168.2.153 port 1123 ssh2 Mar 26 17:41:29 srv1 sshd[8395]: pam_unix(sshd:session): session opened for user non_root_user by (uid=0) Mar 26 17:41:35 srv1 su: pam_unix(su-l:session): session opened for user root by non_root_user(uid=500) [r...@srv1 ~]#
I didn't log into the server at that time. Any thoughts?
_______________________________________________ mlug mailing list [email protected] https://listes.koumbit.net/cgi-bin/mailman/listinfo/mlug-listserv.mlug.ca
