Comment 6 for bug 1724152
Revision history for this message
| bugproxy (bugproxy) wrote Comment bridged from LTC Bugzilla | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
1b1ed1a
(Get the code!)
------- Comment From <email address hidden> 2017-12-05 03:51 EDT-------
(In reply to comment #14)
> (In reply to comment #13)
> > (In reply to comment #11)
> > > Pavithra, Canonical has asked for an update. Could you verify the fix?
> > > Thanks.
> >
> > Can you please give the steps to recreate. I have not tested this before.
> >
> > root@ltc-garri3:~# aureport -l
> >
> > Login Report
> > =======
> > # date time auid host term exe success event
> > =======
> > <no events of interest were found>
> >
> >
> > Thanks,
> > Pavithra
>
> Recreation steps
>
> 1. start the auditd service
>
> service auditd start
>
> 2. login and logout to the machine using ssh and that will log ssh login
> events in aureport.
>
> 3. Do aureport -l and check for auid
Below is the output on 17.04 machine.
ubuntu@
Linux ltc-garri3 4.10.0-38-generic #42-Ubuntu SMP Tue Oct 10 13:22:54 UTC 2017 ppc64le ppc64le ppc64le GNU/Linux
root@ltc-
Login Report
=======
# date time auid host term exe success event
=======
1. 12/04/2017 22:29:35 root 9.124.35.113 sshd /usr/sbin/sshd no 134
2. 12/04/2017 22:32:46 root 9.124.35.113 sshd /usr/sbin/sshd no 135
3. 12/04/2017 22:32:51 root 9.124.35.113 sshd /usr/sbin/sshd no 137
4. 12/04/2017 22:32:56 root 9.124.35.113 sshd /usr/sbin/sshd no 139
5. 12/04/2017 22:33:01 root 9.124.35.113 sshd /usr/sbin/sshd no 140
6. 12/04/2017 22:33:05 root 9.124.35.113 sshd /usr/sbin/sshd no 142
7. 12/04/2017 22:33:10 root 9.124.35.113 sshd /usr/sbin/sshd no 144
8. 12/04/2017 22:50:04 root 9.79.212.207 sshd /usr/sbin/sshd no 158
9. 12/04/2017 22:50:10 root 9.79.212.207 sshd /usr/sbin/sshd no 160
10. 12/04/2017 22:50:16 root 9.79.212.207 sshd /usr/sbin/sshd no 162
11. 12/04/2017 23:12:03 ubuntu 9.124.35.113 sshd /usr/sbin/sshd no 169
12. 12/04/2017 23:12:06 -1 9.124.35.113 /dev/pts/0 /usr/sbin/sshd yes 176
13. 12/04/2017 23:40:23 ubuntu 9.124.35.113 sshd /usr/sbin/sshd no 223
14. 12/05/2017 00:28:24 ubuntu 9.124.35.113 sshd /usr/sbin/sshd no 313
15. 12/05/2017 00:28:27 -1 9.124.35.113 /dev/pts/0 /usr/sbin/sshd yes 320
16. 12/05/2017 00:28:56 ubuntu 9.124.35.113 sshd /usr/sbin/sshd no 330
17. 12/05/2017 00:28:58 -1 9.124.35.113 /dev/pts/0 /usr/sbin/sshd yes 337
18. 12/05/2017 02:46:14 root 9.109.212.222 sshd /usr/sbin/sshd no 384
19. 12/05/2017 02:46:27 root 9.109.212.222 sshd /usr/sbin/sshd no 386
20. 12/05/2017 02:46:31 root 9.109.212.222 sshd /usr/sbin/sshd no 388
21. 12/05/2017 02:46:36 root 9.109.212.222 sshd /usr/sbin/sshd no 390
22. 12/05/2017 02:46:45 ubuntu 9.109.212.222 sshd /usr/sbin/sshd no 391
23. 12/05/2017 02:46:49 -1 9.109.212.222 /dev/pts/1 /usr/sbin/sshd yes 398
24. 12/05/2017 02:48:22 ubuntu 9.109.212.222 sshd /usr/sbin/sshd no 409
25. 12/05/2017 02:48:27 -1 9.109.212.222 /dev/pts/2 /usr/sbin/sshd yes 416
26. 12/05/2017 02:48:33 ubuntu 9.109.212.222 sshd /usr/sbin/sshd no 419
27. 12/05/2017 02:48:37 -1 9.109.212.222 /dev/pts/2 /usr/sbin/sshd yes 426
Thanks,
Pavithra
------- Comment From <email address hidden> 2017-12-08 03:27 EDT-------
marking the above comment external