Reply to Message

View discussion in a popup

Replying to:
GaelV
Enthusiast
Enthusiast

Hi thanks for your logs.

Just on august 08th there's around 100 ssh connection initiated by these 2 IPs :

10.1.36.58

10.33.158.183

Is there a script running or something like that ? Because the following commands are launched every 15min along the night and day and it creates SSH connections... :

2019-08-08T00:20:22Z sshd[133943]: User 'root' running command '/opt/lsi/storcli/storcli show J'

2019-08-08T00:20:22Z sshd[133943]: User 'root' running command 'ls /opt/lsi/storcli/storcli'

2019-08-08T00:20:22Z sshd[133943]: User 'root' running command '/opt/lsi/storcli/storcli /c0 show J'

You can correlate every time those commands are launched (in auth.log) it add an entry to shell.log, and there's exactly the same time..

Reply
0 Kudos