USER_LOGIN audit log with incorrect auid value?
- by hijinx
We have a CentOS 6.2 x86_64 system that's logging what looks to be erroneous audit information. We were receiving alerts for failed logins by a user who wasn't actually trying to log in. After some diagnosis, we figured out that the source of the events is our tool that periodically checks to see if SSH is answering. When that happens, we see…
