Inconsistent utx.active?
Ed Schouten
ed at 80386.nl
Fri Feb 24 23:00:28 UTC 2012
Hello Vlad,
* Vlad Galu <dudu at dudu.ro>, 20120224 23:54:
> [1330014380.652067 -- Thu Feb 23 17:26:20 2012] user process: id="4f86d023f250d3c9" pid="39012" user="dudu" line="pts/0" host="A.B.C.D"
> [1330014398.177818 -- Thu Feb 23 17:26:38 2012] user process: id="269d75b37f295346" pid="39221" user="dudu" line="pts/1" host="A.B.C.D"
> [1330085459.796787 -- Fri Feb 24 13:10:59 2012] user process: id="d026e8e5c0648ec2" pid="38093" user="dudu" line="pts/0" host="A.B.C.D"
> [1330122640.813570 -- Fri Feb 24 23:30:40 2012] user process: id="dd8d3dff2f3002a0" pid="82959" user="dudu" line="pts/0" host="X.Y.Z.T"
> [1330122493.638088 -- Fri Feb 24 23:28:13 2012] user process: id="92b73279a543d99f" pid="73085" user="dudu" line="pts/1" host="X.Y.Z.T"
> [1330122498.444614 -- Fri Feb 24 23:28:18 2012] user process: id="c0f3c404a3ca8565" pid="73573" user="dudu" line="pts/2" host="X.Y.Z.T"
> [1330122634.538515 -- Fri Feb 24 23:30:34 2012] dead process: id="fea56df5dde26e4d" pid="76338"
You mentioned in a previous email that these entries belong to SSH
sessions. Are you sure about this? The identifiers seem to contain
randomly generated data, just like pam_lastlog(8) does. OpenSSH uses
identifiers based on the TTY name, like so:
> [1330124273.955165 -- Fri Feb 24 23:57:53 2012] user process: id="7074732f30000000" pid="15880" user="ed" line="pts/0" host="m.fxq.nl"
0x7074732f30 is equal to "pts/0".
Maybe they're generated by some different login service or you've
configured PAM/OpenSSH/etc. in a non-default way?
Thanks so far,
--
Ed Schouten <ed at 80386.nl>
WWW: http://80386.nl/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20120224/d35bfc86/attachment.pgp
More information about the freebsd-stable
mailing list