- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi thanks for your logs.
Just on august 08th there's around 100 ssh connection initiated by these 2 IPs :
10.1.36.58
10.33.158.183
Is there a script running or something like that ? Because the following commands are launched every 15min along the night and day and it creates SSH connections... :
2019-08-08T00:20:22Z sshd[133943]: User 'root' running command '/opt/lsi/storcli/storcli show J'
2019-08-08T00:20:22Z sshd[133943]: User 'root' running command 'ls /opt/lsi/storcli/storcli'
2019-08-08T00:20:22Z sshd[133943]: User 'root' running command '/opt/lsi/storcli/storcli /c0 show J'
You can correlate every time those commands are launched (in auth.log) it add an entry to shell.log, and there's exactly the same time..