This is a weird problem. I get the daily logwatch emails from our various servers and one of the things that I eyeball on a regular basis is the "Users logging in through sshd". I like to make sure that I don't see any logins from IP addresses that I don't recognize (as well as failed login attempts.)
We changed our firewall about a week and a half ago, over to Untangle. This has had no negative affect on any of the usual behavior except for one of our servers, a database server running RHEL 5.X (64 bit, fully up to date.) On this one system, I'm now seeing the following line in it's daily Logwatch email: -- -- You received this message because you are subscribed to the Google Groups "NLUG" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nlug-talk?hl=en --- You received this message because you are subscribed to the Google Groups "NLUG" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
