God I love logcheck. I have been getting a lot (110 since the logs rolled yesterday) of the following entries in /var/log/secure of our main firewall into our office lan.
sshd[5872]: fatal: Read from socket failed: Broken pipe there were none of these in the previous weeks logs kept (defualt of 4 rolling weeks of archived logs) There does not seem to be a correlation to known processes/users that should be using scp, ssh, or sftp. There is no indication of the ip address that these are coming from. is this indicative of an ssh exploit attempt? I am running the latest ssh and open ssh on this 6.2 based box. TIA Bret -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list