Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Wed Feb 1 03:44:17 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Wed Feb  1 03:44:17 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-31 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Tue Jan 31 04:15:00 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    connect_error: getsockopt(SO_ERROR): fd=5 error=111: Connection refused
    Can't connect to port 80 of host db.local.clamav.net (IP: 208.72.56.53)
    Trying host db.local.clamav.net (172.110.204.67)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 172.110.204.67)
    Trying host db.local.clamav.net (150.214.142.197)...
    Downloading daily-22971.cdiff [100%]
    Downloading daily-22972.cdiff [100%]
    Downloading daily-22973.cdiff [100%]
    Downloading daily-22974.cdiff [100%]
    Downloading daily-22975.cdiff [100%]
    Downloading daily-22976.cdiff [100%]
    daily.cld updated (version: 22976, sigs: 1504219, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5723064 signatures) from db.local.clamav.net (IP: 150.214.142.197)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (210.39.6.85): 50 Time(s)
       unknown (104.130.165.54): 35 Time(s)
       unknown (193.201.224.39): 34 Time(s)
       unknown (147.75.101.31): 23 Time(s)
       root (210.39.6.85): 19 Time(s)
       unknown (91.224.161.73): 17 Time(s)
       root (147.75.101.31): 16 Time(s)
       root (104.130.165.54): 12 Time(s)
       postgres (210.39.6.85): 6 Time(s)
       root (193.201.224.39): 6 Time(s)
       unknown (27.72.65.175): 6 Time(s)
       root (201.179.10.254): 5 Time(s)
       mysql (210.39.6.85): 3 Time(s)
       root (91.224.161.73): 3 Time(s)
       tomcat (210.39.6.85): 3 Time(s)
       igitman (igor-ubuntu.wv.cc.cmu.edu): 2 Time(s)
       operator (193.201.224.39): 2 Time(s)
       bin (210.39.6.85): 1 Time(s)
       ftp (104.130.165.54): 1 Time(s)
       mail (104.130.165.54): 1 Time(s)
       mysql (104.130.165.54): 1 Time(s)
       operator (104.130.165.54): 1 Time(s)
       operator (91.224.161.73): 1 Time(s)
       root (117.81.131.192): 1 Time(s)
       root (118.119.86.65): 1 Time(s)
       root (179.187.170.227.dynamic.adsl.gvt.net.br): 1 Time(s)
       root (188.27.120.48): 1 Time(s)
       root (190.214.226.253): 1 Time(s)
       root (190.237.173.8): 1 Time(s)
       root (27.72.65.175): 1 Time(s)
       root (ti0100a400-1587.bb.online.no): 1 Time(s)
       sshd (210.39.6.85): 1 Time(s)
       unknown (171.212.142.45): 1 Time(s)
       unknown (190.179.136.155): 1 Time(s)
       unknown (58.213.133.230): 1 Time(s)
       unknown (60.184.234.37): 1 Time(s)
       unknown (70.150.240.157): 1 Time(s)
       unknown (c-73-172-192-71.hsd1.md.comcast.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 252 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   35.218K  Bytes accepted                            36,063
   35.218K  Bytes delivered                           36,063
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- Connections (secure-log) Begin ------------------------ 

 
 **Unmatched Entries**
    useradd: failed adding user 'slurm', exit code: 9: 1 Time(s)
 
 ---------------------- Connections (secure-log) End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 4 Time(s)
    root : 12 Time(s)
    ubnt : 2 Time(s)
 
 Failed logins from:
    27.72.65.175 (localhost): 1 time
    85.165.177.58 (ti0100a400-1587.bb.online.no): 6 times
    91.224.161.73: 13 times
    104.130.165.54: 16 times
    117.81.131.192 (192.131.81.117.broad.sz.js.dynamic.163data.com.cn): 6 times
    118.119.86.65: 6 times
    147.75.101.31: 16 times
    179.187.170.227 (179.187.170.227.dynamic.adsl.gvt.net.br): 6 times
    188.27.120.48 (188-27-120-48.rdsnet.ro): 6 times
    190.214.226.253 (253.226.214.190.static.pichincha.andinanet.net): 6 times
    190.237.173.8: 6 times
    193.201.224.39: 26 times
    201.179.10.254 (201-179-10-254.speedy.com.ar): 30 times
    210.39.6.85: 33 times
 
 Illegal users from:
    27.72.65.175 (localhost): 6 times
    58.213.133.230: 6 times
    60.184.234.37 (37.234.184.60.broad.ls.zj.dynamic.163data.com.cn): 6 times
    70.150.240.157 (157.quickrelay.com): 6 times
    73.172.192.71 (c-73-172-192-71.hsd1.md.comcast.net): 6 times
    91.224.161.73: 34 times
    104.130.165.54: 35 times
    147.75.101.31: 23 times
    171.212.142.45: 6 times
    190.179.136.155 (190-179-136-155.speedy.com.ar): 6 times
    193.201.224.39: 68 times
    210.39.6.85: 50 times
 
 Users logging in through sshd:
    awertz:
       150.212.88.174: 1 time
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       204.148.24.98 (Internet-gw.customer.alter.net): 7 times
       50.246.124.193 (50-246-124-193-static.hfc.comcastbusiness.net): 2 times
    igitman:
       128.237.217.122: 2 times
    joliva:
       67.186.34.202 (c-67-186-34-202.hsd1.pa.comcast.net): 4 times
    mbarnes1:
       74.98.251.128 (pool-74-98-251-128.pitbpa.fios.verizon.net): 2 times
       73.79.83.141 (c-73-79-83-141.hsd1.pa.comcast.net): 1 time
    pengrui:
       24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 5 times
       128.237.186.248: 1 time
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 1 time
    yifeim:
       71.61.58.134 (c-71-61-58-134.hsd1.pa.comcast.net): 8 times
 
 
 Received disconnect:
    11: Bye Bye : 122 Time(s)
    11: Closed due to user request. : 7 Time(s)
    11: disconnected by user : 30 Time(s)
    3: com.jcraft.jsch.JSchException: Auth fail : 51 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 1 Time(s)
 
 SFTP subsystem requests: 1 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.81.131.192  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.184.234.37  : 1 time(s)
 reverse mapping checking getaddrinfo for 201-179-10-254.speedy.com.ar [201.179.10.254] failed - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.39  : 2 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.212.142.45  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.119.86.65  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 188-27-120-48.rdsnet.ro [188.27.120.48] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.161.73  user=root : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.161.73  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-172-192-71.hsd1.md.comcast.net  : 1 time(s)
 PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.39  user=root : 2 time(s)
 Address 204.148.24.98 maps to internet-gw.customer.alter.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
 reverse mapping checking getaddrinfo for 37.234.184.60.broad.ls.zj.dynamic.163data.com.cn [60.184.234.37] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 253.226.214.190.static.pichincha.andinanet.net [190.214.226.253] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 157.quickrelay.com [70.150.240.157] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 18 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.237.173.8  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.213.133.230  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.187.170.227.dynamic.adsl.gvt.net.br  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.179.10.254  user=root : 5 time(s)
 PAM service(sshd) ignoring max retries; 4 > 3 : 3 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.179.136.155  : 1 time(s)
 PAM service(sshd) ignoring max retries; 5 > 3 : 15 time(s)
 PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.161.73  user=root : 1 time(s)
 Address 27.72.65.175 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.27.120.48  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 192.131.81.117.broad.sz.js.dynamic.163data.com.cn [117.81.131.192] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.39  : 8 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.214.226.253  user=root : 1 time(s)
 PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.161.73  user=root : 1 time(s)
 PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.39  user=root : 2 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=ti0100a400-1587.bb.online.no  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.150.240.157  : 1 time(s)
 reverse mapping checking getaddrinfo for 190-179-136-155.speedy.com.ar [190.179.136.155] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.201.224.39  user=root : 2 time(s)
 PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.224.161.73  : 4 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Updated:
    R-core-devel-3.3.2-3.sdl6.x86_64
    slurm-16.05.8-5.sdl6.x86_64
    R-java-devel-3.3.2-3.sdl6.x86_64
    R-core-3.3.2-3.sdl6.x86_64
    slurm-plugins-16.05.8-5.sdl6.x86_64
    R-java-3.3.2-3.sdl6.x86_64
    R-3.3.2-3.sdl6.x86_64
    libRmath-3.3.2-3.sdl6.x86_64
    R-devel-3.3.2-3.sdl6.x86_64
    libRmath-devel-3.3.2-3.sdl6.x86_64
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.0G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 


More information about the Autonlab-sysinfo mailing list