security: SEC_SETLUID (3)

From: lombardi emanuele <lele_at_mantegna.casaccia.enea.it>
Date: Thu, 27 Aug 1998 10:48:22 +0200 (MET DST)

Dear alpha gurus,

Given an AS 4100 with Dunix 4.0d (patch 2) and sshd (1.2.25) with
tcp_wrapper,

Each time someone uses ssh to that machine (either for logging in or for
giving a command) I get the following audit record:

audit_id: 1001 ruid/euid: 0/0
pid: 28324 ppid: 28326 cttydev: (6,6)
event: security
request: SEC_SETLUID (3)
uid: 1001
result: -1 (0xffffffff)
ip address: 192.107.71.51 (casaccia.casaccia.enea.it)
timestamp: Thu Aug 27 10:13:38.91 1998 MET DST

ps -ale gives (among other):

    8001 I 0 28326 601 0.0 44 0 0 440K event ?? 0:00.08 sshd1
80808001 I + 1001 28324 28326 0.0 44 0 0 512K tty ttyp6 0:00.10 tcsh

So the process causing the audit record is the shell (tcsh in this
case, but the same happens with sh) started by the sshd daemon.
The strange thing is that, despite the above audit record, the shell works
absolutely fine!

I would really like to know if that strange behaviour means a hole in
security or not.

Thank you very much,
Greetings to all the alpha managers family,

Emanuele


---
 Emanuele Lombardi
 mail: AMB-GEM-CLIM ENEA Casaccia
        I-00060 S.M. di Galeria (RM) ITALY
 mailto:lele_at_mantegna.casaccia.enea.it
 tel +39 6 30483366 fax +39 6 30483591

     This transmission was made possible by 100% recycled electrons.
Received on Thu Aug 27 1998 - 08:44:40 NZST
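
An added example, not part of the original post: a small Python parser for audit records in the layout quoted above, which picks out failed SEC_SETLUID requests and notes whether the requested uid equals the record's audit_id. The second sample record, the function names and the triage labels are constructed for illustration, and separating the two cases is an assumption of this example, not something the post establishes.

```python
import re

# Constructed sample: the first record is the one quoted in the post; the
# second is invented for contrast (a different requested uid).
SAMPLE = """\
audit_id: 1001 ruid/euid: 0/0
pid: 28324 ppid: 28326 cttydev: (6,6)
event: security
request: SEC_SETLUID (3)
uid: 1001
result: -1 (0xffffffff)
ip address: 192.107.71.51 (casaccia.casaccia.enea.it)
timestamp: Thu Aug 27 10:13:38.91 1998 MET DST

audit_id: 1001 ruid/euid: 0/0
pid: 4242 ppid: 4240 cttydev: (6,7)
request: SEC_SETLUID (3)
uid: 1002
result: -1 (0xffffffff)
"""

# Field names seen in the quoted record. Matching known names (instead of any
# "word:") keeps the colons inside the timestamp from being read as fields.
KEY = re.compile(
    r"(?<![\w/])(audit_id|ruid/euid|pid|ppid|cttydev|event|request|uid|"
    r"result|ip address|timestamp):\s*")

def parse_records(text):
    """Split blank-line-separated records into dicts; a line may hold several fields."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            hits = list(KEY.finditer(line))
            for i, m in enumerate(hits):
                end = hits[i + 1].start() if i + 1 < len(hits) else len(line)
                rec[m.group(1)] = line[m.end():end].strip()
        if rec:
            records.append(rec)
    return records

def triage(rec):
    """Label a record (hypothetical labels; the heuristic is this example's assumption)."""
    if not rec.get("request", "").startswith("SEC_SETLUID"):
        return "other"
    if int(rec["result"].split()[0]) >= 0:
        return "ok"
    same = rec.get("uid") == rec.get("audit_id")
    return "failed-same-id" if same else "failed-different-id"
```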
