Systemd log entriesΒ #28
Description
Hi,
Following log entries are written when using the ssh backdoor (login and log off).
Tested on Ubuntu 16.04.
/var/log/auth.log:
Dec 18 10:12:01 test systemd: pam_unix(systemd-user:session): session opened for user root by (uid=0)
Dec 18 10:12:01 test systemd-logind[856]: New session c3 of user root.
Dec 18 10:12:43 test systemd-logind[856]: Removed session c3.
/var/log/syslog:
Dec 18 10:09:05 test systemd[1]: Created slice User Slice of root.
Dec 18 10:09:05 test systemd[1]: Starting User Manager for UID 0...
Dec 18 10:09:05 test systemd[1]: Started Session c2 of user root.
Dec 18 10:09:05 test systemd[6375]: Reached target Paths.
Dec 18 10:09:05 test systemd[6375]: Reached target Sockets.
Dec 18 10:09:05 test systemd[6375]: Reached target Timers.
Dec 18 10:09:05 test systemd[6375]: Reached target Basic System.
Dec 18 10:09:05 test systemd[6375]: Reached target Default.
Dec 18 10:09:05 test systemd[6375]: Startup finished in 19ms.
Dec 18 10:09:05 test systemd[1]: Started User Manager for UID 0.
Dec 18 10:09:15 test systemd[6375]: Reached target Shutdown.
Dec 18 10:09:15 test systemd[6375]: Starting Exit the Session...
Dec 18 10:09:15 test systemd[6375]: Stopped target Default.
Dec 18 10:09:15 test systemd[6375]: Stopped target Basic System.
Dec 18 10:09:15 test systemd[6375]: Stopped target Paths.
Dec 18 10:09:15 test systemd[6375]: Stopped target Timers.
Dec 18 10:09:15 test systemd[6375]: Stopped target Sockets.
Dec 18 10:09:15 test systemd[1]: Stopping User Manager for UID 0...
Dec 18 10:09:15 test systemd[6375]: Received SIGRTMIN+24 from PID 6404 (kill).
Dec 18 10:09:15 test systemd[1]: Stopped User Manager for UID 0.
Dec 18 10:09:15 test systemd[1]: Removed slice User Slice of root.