Package: openssh-server Version: 1:6.5p1-6 Severity: normal If I use "UsePrivilegeSeparation sandbox" then this is logged every time a login attempt fails: Mar 21 04:59:34 bongo kernel: [1746352.182111] type=1326 audit(1395374374.299:1020): auid=4294967295 uid=103 gid=65534 ses=4294967295 pid=17813 comm="sshd" sig=31 syscall=102 compat=1 ip=0xf7637430 code=0x0 #define __NR_socketcall 102 I do not think that socketcall(2) should be permitted since it would allow an attacker who took control of the process to create new sockets, but maybe sshd could be fixed to not use it (is it for logging?). -- System Information: Debian Release: jessie/sid APT prefers unstable APT policy: (500, 'unstable'), (1, 'experimental') Architecture: i386 (x86_64) Kernel: Linux 3.12-1-amd64 (SMP w/4 CPU cores) Locale: LANG=it_IT.utf8, LC_CTYPE=it_IT.utf8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages openssh-server depends on: ii adduser 3.113+nmu3 ii dpkg 1.17.6 ii init-system-helpers 1.18 ii libc6 2.18-4 ii libcomerr2 1.42.9-3 ii libgssapi-krb5-2 1.12.1+dfsg-1 ii libkrb5-3 1.12.1+dfsg-1 ii libpam-modules 1.1.8-2 ii libpam-runtime 1.1.8-2 ii libpam0g 1.1.8-2 ii libselinux1 2.2.2-1 ii libssl1.0.0 1.0.1f-1 ii libwrap0 7.6.q-25 ii lsb-base 4.1+Debian12 ii openssh-client 1:6.5p1-6 ii openssh-sftp-server 1:6.5p1-6 ii procps 1:3.3.9-4 ii zlib1g 1:1.2.8.dfsg-1 Versions of packages openssh-server recommends: pn ncurses-term <none> ii xauth 1:1.0.7-1 Versions of packages openssh-server suggests: pn molly-guard <none> pn monkeysphere <none> pn rssh <none> pn ssh-askpass <none> pn ufw <none> -- debconf information excluded -- ciao, Marco
Attachment:
signature.asc
Description: Digital signature