looks like auditd logging is a bit tweaked.
eero
26.10.2016 6.11 ip. m.roth@5-cent.us kirjoitti:
The recently-left programmer did *something*, and he didn't know what, and the guy who picked it up is working with me to find out why /var/log/messages is getting flooded with Oct 26 11:01:06 <servername> kernel: type=1105 audit(1477494066.569:642430): pid=108551 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:session_open grantors=pam_keyinit,pam_keyinit,pam_limits,pam_ systemd,pam_unix,pam_krb5,pam_xauth acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success' Oct 26 11:01:06 <servername> kernel: type=1106 audit(1477494066.620:642431): pid=108548 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:session_close grantors=pam_keyinit,pam_keyinit,pam_limits,pam_ systemd,pam_unix,pam_krb5,pam_xauth acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success' Oct 26 11:01:06 <servername> kernel: type=1104 audit(1477494066.620:642432): pid=108548 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:unconfined_service_t:s0 msg='op=PAM:setcred grantors=pam_rootok acct="<user>" exe="/usr/bin/su" hostname=? addr=? terminal=? res=success'
Oct 26 11:01:11 <servername> su: (to <user>) root on none Oct 26 11:01:11 <servername> su: (to <user>) root on none Oct 26 11:01:11 <servername> systemd: Started Session c21839 of user <user>.
Other folks can submit jobs to slurm, and we don't get anything like this.
Feel free to contact me offlist....
mark
Oct 26 11:01:11 <servername> systemd: Starting Session c21839 of user <user>.
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos