God I love logcheck.

I have been getting a lot (110 since the logs rolled yesterday) of the
following entries in /var/log/secure of our main firewall into our
office LAN.

sshd[5872]: fatal: Read from socket failed: Broken pipe

There were none of these in the previous weeks' logs kept (default of 4
rolling weeks of archived logs).

There does not seem to be a correlation to known processes/users that
should be using scp, ssh, or sftp.  

There is no indication of the IP address that these are coming from.

Is this indicative of an ssh exploit attempt?  I am running the latest
ssh and OpenSSH on this 6.2 based box.

TIA Bret




-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://listman.redhat.com/mailman/listinfo/redhat-list
