Dear CentOS community
Last weekend I re-installed one of my VPS servers.
Every night at the same time all of my users try to ssh, according to the system security log.
Please see the log below. I read something about a cronjob which is doing this.
Any advice on how to check/stop this?
Running latest CentOS 7 with all updates / Directadmin
Thanks in advance
*For security reasons I have changed real usernames to user1/2/3/4/5/6
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:01 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:01 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:01 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:01 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:01 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:05 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:05 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:05 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:06 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:06 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:06 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:06 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:06 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:10 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:10 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 00:11:10 server su: pam_unix(su-l:session): session closed for user user2
May 10 00:11:11 server su: pam_unix(su-l:session): session opened for user puk2017 by (uid=0)
May 10 00:11:11 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:11 server su: pam_unix(su-l:session): session opened for user user3 by (uid=0)
May 10 00:11:11 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:11 server su: pam_unix(su-l:session): session opened for user user3 by (uid=0)
May 10 00:11:11 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:11 server su: pam_unix(su-l:session): session opened for user user3 by (uid=0)
May 10 00:11:11 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:11 server su: pam_unix(su-l:session): session opened for user user3 by (uid=0)
May 10 00:11:11 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:11 server su: pam_unix(su-l:session): session opened for user user3 by (uid=0)
May 10 00:11:14 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:14 server su: pam_unix(su-l:session): session opened for user user3 by (uid=0)
May 10 00:11:14 server su: pam_unix(su-l:session): session closed for user user3
May 10 00:11:16 server su: pam_unix(su-l:session): session opened for user wgadgets by (uid=0)
May 10 00:11:16 server su: pam_unix(su-l:session): session closed for user wgadgets
May 10 00:11:16 server su: pam_unix(su-l:session): session opened for user wgadgets by (uid=0)
May 10 00:11:16 server su: pam_unix(su-l:session): session closed for user wgadgets
May 10 00:11:16 server su: pam_unix(su-l:session): session opened for user user4 by (uid=0)
May 10 00:11:16 server su: pam_unix(su-l:session): session closed for user user4
May 10 00:11:16 server su: pam_unix(su-l:session): session opened for user user4 by (uid=0)
May 10 00:11:16 server su: pam_unix(su-l:session): session closed for user user4
May 10 00:11:16 server su: pam_unix(su-l:session): session opened for user user4 by (uid=0)
May 10 00:11:16 server su: pam_unix(su-l:session): session closed for user user4
May 10 00:11:16 server su: pam_unix(su-l:session): session opened for user user4 by (uid=0)
May 10 00:11:20 server su: pam_unix(su-l:session): session closed for user user4
May 10 00:11:20 server su: pam_unix(su-l:session): session opened for user user4 by (uid=0)
May 10 00:11:20 server su: pam_unix(su-l:session): session closed for user user4
May 10 00:11:21 server su: pam_unix(su-l:session): session opened for user wouter by (uid=0)
May 10 00:11:21 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:21 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:21 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:21 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:21 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:21 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:21 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:21 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:21 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:21 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:24 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:24 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:25 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:25 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:25 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:25 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:25 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:25 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:25 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:25 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:25 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:25 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:25 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:25 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:29 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:29 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:29 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:50 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:50 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:50 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:50 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:50 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:50 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:50 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:50 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:50 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:50 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:50 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:53 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:53 server su: pam_unix(su-l:session): session opened for user user5 by (uid=0)
May 10 00:11:53 server su: pam_unix(su-l:session): session closed for user user5
May 10 00:11:54 server su: pam_unix(su-l:session): session closed for user user6
May 10 00:11:54 server su: pam_unix(su-l:session): session opened for user user6 by (uid=0)
May 10 00:11:54 server su: pam_unix(su-l:session): session closed for user user6
May 10 00:11:54 server su: pam_unix(su-l:session): session opened for user user6 by (uid=0)
May 10 00:11:54 server su: pam_unix(su-l:session): session closed for user user6
May 10 00:11:54 server su: pam_unix(su-l:session): session opened for user user6 by (uid=0)
May 10 00:11:54 server su: pam_unix(su-l:session): session closed for user user6
May 10 00:11:54 server su: pam_unix(su-l:session): session opened for user user6 by (uid=0)
May 10 00:11:54 server su: pam_unix(su-l:session): session closed for user user6
May 10 00:11:54 server su: pam_unix(su-l:session): session opened for user user6 by (uid=0)
May 10 00:11:57 server su: pam_unix(su-l:session): session closed for user user6
May 10 00:11:57 server su: pam_unix(su-l:session): session opened for user user6 by (uid=0)
May 10 00:11:57 server su: pam_unix(su-l:session): session closed for user user6
server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
Re: server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
At a guess, something in Directadmin has set up crontab entries for all your users to do "magic" overnight. You'll need to ask DA about this as we don't support it.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Re: server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
Dear CentOS community
I've found the problem; it's related to awstats.
-----------------------------------------------
That's a notification about the su command, not about trying ssh. That's most likely caused by awstats.
related: https://www.directadmin.com/features.php?id=1921
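Added example, not part of the original posts: a way to check from the logs which service opened each session (su started by uid=0 versus sshd) and which cron job started just before the burst. The sample lines, the job path `/path/to/nightly-stats-job` and the function names are constructed for illustration; on CentOS 7 the real inputs would be `/var/log/secure` and `/var/log/cron`.

```bash
# Constructed sample data in the formats of /var/log/secure and /var/log/cron.
sample_secure() { cat <<'EOF'
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:01 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:01 server su: pam_unix(su-l:session): session opened for user user1 by (uid=0)
May 10 00:11:05 server su: pam_unix(su-l:session): session closed for user user1
May 10 00:11:06 server su: pam_unix(su-l:session): session opened for user user2 by (uid=0)
May 10 09:30:12 server sshd[2211]: pam_unix(sshd:session): session opened for user user2 by (uid=0)
EOF
}
sample_cron() { cat <<'EOF'
May 10 00:01:01 server CROND[3900]: (root) CMD (run-parts /etc/cron.hourly)
May 10 00:10:01 server CROND[4120]: (root) CMD (/path/to/nightly-stats-job)
EOF
}

# stdin: secure log. Output: "service user opener_uid count first_time last_time".
# A "su" row with opener uid 0 is root switching user locally, not a remote login.
summarize_sessions() {
  awk '
    / session opened for user / {
      svc = $5; sub(/\[[0-9]+\]/, "", svc); sub(/:$/, "", svc)  # "sshd[2211]:" -> "sshd"
      user = ""; uid = "?"
      for (i = 6; i <= NF; i++) {
        if ($i == "for" && $(i+1) == "user") user = $(i+2)
        if ($i ~ /\(uid=/) { uid = $i; sub(/.*\(uid=/, "", uid); sub(/\).*/, "", uid) }
      }
      key = svc " " user " " uid
      n[key]++
      if (!(key in first)) first[key] = $3
      last[key] = $3
    }
    END { for (k in n) print k, n[k], first[k], last[k] }
  ' | LC_ALL=C sort
}

# stdin: cron log. Prints CROND CMD lines started at most $2 seconds before
# time $1 (HH:MM:SS); both times are assumed to be on the same day.
cron_before() {
  awk -v t="$1" -v win="$2" '
    function secs(s,  a) { split(s, a, ":"); return a[1]*3600 + a[2]*60 + a[3] }
    $5 ~ /^CROND/ && / CMD / {
      d = secs(t) - secs($3)
      if (d >= 0 && d <= win) print
    }'
}
```

Run as `summarize_sessions < /var/log/secure`, then pass the first timestamp of the su burst to `cron_before 00:11:01 120 < /var/log/cron` to see which job started it.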