I see the following entry in the /var/log/messages log file:
messages:Oct 23 01:08:37 sp-svr01 ADMINDIARY: {“username”: “root”, “args”: {“hostname”: “sp-svr01”}, “tags”: [], “context_id”: “2f14c5b1-281a-4351-8ea9-7c3f89f6eff2”, “timestamp”: “2019-10-23 01:08:37”, “message”: {“de”: “Maschinenpasswort von {hostname} erfolgreich ge\u00e4ndert”, “en”: “Machine account password of {hostname} changed successfully”}, “hostname”: “sp-svr01”, “type”: “Entry v1”, “event”: “SERVER_PASSWORD_CHANGED”}
At that time, no one should have been working on this server? Is this a security problem for me?
Thank you!
john