4 Answers
- Newest
- Most votes
- Most comments
1
Hi, Chris, thanks for replying
of course, follow
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt server01:~
ssh: Could not resolve hostname server01: Temporary failure in name resolution
lost connection
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt server01:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~[1P:~ :~1:~2:~7:~.:~0:~.:~0:~.:~1:~
The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts.
root@127.0.0.1: Permission denied (publickey).
lost connection
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# scp batman.txt 127.0.0.1:~
root@127.0.0.1: Permission denied (publickey).
lost connection
]0;root@ip-172-30-102-209: ~root@ip-172-30-102-209:~# exit
answered 3 years ago
0
Thank you for the context, this is very helpful.
On first investigation it appears that the issue is not with the custom detection, but rather the format of the log file. Using the excerpt you provided above, I ran this through Macie and the file was not scanned due to an UNSUPPORTED_FILE_TYPE_EXCEPTION. This is visible in the discovery results that are published to your S3 bucket.
The team is having a look to see if this is something that's easily addressable.
answered 3 years ago
0
I tested by creating a file with string scp batman server:~ and it worked.
answered 3 years ago
Relevant content
- asked a year ago
- asked 3 years ago
- asked 2 years ago
AWS OFFICIALUpdated 3 years ago- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated 5 months ago
Hi ricardobarbosams - would you able to include an excerpt of a few lines of context in the relevant log file that contains "scp batman.txt server:~" or similar? You can obfuscate things like your servername or any user names, as long as the format is preserved. Thanks!