Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Thu Feb 2 03:30:13 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Thu Feb  2 03:30:13 2017
        Date Range Processed: yesterday
                              ( 2017-Feb-01 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Wed Feb  1 04:27:03 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-22977.cdiff [100%]
    Downloading daily-22978.cdiff [100%]
    Downloading daily-22979.cdiff [100%]
    Downloading daily-22980.cdiff [100%]
    Downloading daily-22981.cdiff [100%]
    Downloading daily-22982.cdiff [100%]
    daily.cld updated (version: 22982, sigs: 1505279, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5724124 signatures) from db.local.clamav.net (IP: 194.8.197.22)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (202.115.80.212): 1560 Time(s)
       root (202.115.80.212): 58 Time(s)
       unknown (ec2-54-144-225-84.compute-1.amazonaws.com): 36 Time(s)
       adm (202.115.80.212): 14 Time(s)
       root (ec2-54-144-225-84.compute-1.amazonaws.com): 14 Time(s)
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 13 Time(s)
       lp (202.115.80.212): 10 Time(s)
       mysql (202.115.80.212): 10 Time(s)
       apache (202.115.80.212): 9 Time(s)
       mail (202.115.80.212): 9 Time(s)
       ftp (202.115.80.212): 8 Time(s)
       bin (202.115.80.212): 7 Time(s)
       backup (202.115.80.212): 6 Time(s)
       games (202.115.80.212): 6 Time(s)
       nobody (202.115.80.212): 6 Time(s)
       operator (202.115.80.212): 6 Time(s)
       postfix (202.115.80.212): 6 Time(s)
       rpc (202.115.80.212): 6 Time(s)
       sshd (202.115.80.212): 6 Time(s)
       sync (202.115.80.212): 6 Time(s)
       uucp (202.115.80.212): 6 Time(s)
       daemon (202.115.80.212): 4 Time(s)
       gopher (202.115.80.212): 4 Time(s)
       nfsnobody (202.115.80.212): 4 Time(s)
       postgres (202.115.80.212): 4 Time(s)
       rpcuser (202.115.80.212): 4 Time(s)
       vcsa (202.115.80.212): 4 Time(s)
       igitman (igor-ubuntu.wv.cc.cmu.edu): 2 Time(s)
       igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 2 Time(s)
       jayanthkoushik (pool-74-109-254-57.pitbpa.fios.verizon.net): 2 Time(s)
       ldap (202.115.80.212): 2 Time(s)
       ftp (ec2-54-144-225-84.compute-1.amazonaws.com): 1 Time(s)
       lujiec (late.auton.cs.cmu.edu): 1 Time(s)
       mail (ec2-54-144-225-84.compute-1.amazonaws.com): 1 Time(s)
       mysql (ec2-54-144-225-84.compute-1.amazonaws.com): 1 Time(s)
       operator (ec2-54-144-225-84.compute-1.amazonaws.com): 1 Time(s)
       root (117.28.255.89): 1 Time(s)
       root (175.162.112.53): 1 Time(s)
       root (183.39.183.65): 1 Time(s)
       root (183.93.252.136): 1 Time(s)
       root (190.178.92.66): 1 Time(s)
       root (83.234.254.126): 1 Time(s)
       root (softbank126103190174.bbtec.net): 1 Time(s)
       unknown (113.194.148.138): 1 Time(s)
       unknown (144.0.226.101): 1 Time(s)
       unknown (81-214-87-177.alternativaprovedor.com.br): 1 Time(s)
    Invalid Users:
       Unknown Account: 1609 Time(s)
 
 su:
    Sessions Opened:
       root -> predrag: 3 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   33.705K  Bytes accepted                            34,514
   33.705K  Bytes delivered                           34,514
 ========   ================================================
 
        9   Accepted                                 100.00%
 --------   ------------------------------------------------
        9   Total                                    100.00%
 ========   ================================================
 
        9   Removed from queue    
        6   Sent via SMTP         
        3   Forwarded             
 
        6   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 2 Time(s)
    root : 6 Time(s)
 
 Failed logins from:
    54.144.225.84 (ec2-54-144-225-84.compute-1.amazonaws.com): 18 times
    74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 1 time
    83.234.254.126: 6 times
    117.28.255.89: 1 time
    126.103.190.174 (softbank126103190174.bbtec.net): 6 times
    175.162.112.53: 6 times
    183.39.183.65: 6 times
    183.93.252.136: 6 times
    190.178.92.66 (190-178-92-66.speedy.com.ar): 6 times
    202.115.80.212: 205 times
 
 Illegal users from:
    54.144.225.84 (ec2-54-144-225-84.compute-1.amazonaws.com): 36 times
    113.194.148.138 (138.148.194.113.adsl-pool.jx.chinaunicom.com): 6 times
    144.0.226.101: 1 time
    177.87.214.81 (81-214-87-177.alternativaprovedor.com.br): 6 times
    202.115.80.212: 1560 times
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       204.148.24.98 (Internet-gw.customer.alter.net): 7 times
    igitman:
       74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 2 times
       128.237.188.27: 2 times
    jayanthkoushik:
       128.237.211.46: 11 times
       74.109.254.57 (pool-74-109-254-57.pitbpa.fios.verizon.net): 2 times
       128.237.172.54 (Jayanths-MBP-2.wv.cc.cmu.edu): 2 times
    joliva:
       128.237.165.108: 3 times
    lujiec:
       128.2.182.178 (late.auton.cs.cmu.edu): 1 time
    ngisolfi:
       128.2.178.134 (gs15623.sp.cs.cmu.edu): 3 times
    pengrui:
       24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 2 times
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 4 times
    yifeim:
       71.61.58.134 (c-71-61-58-134.hsd1.pa.comcast.net): 1 time
 
 
 Received disconnect:
    11: Bye Bye : 1765 Time(s)
    11: disconnected by user : 29 Time(s)
    3: com.jcraft.jsch.JSchException: Auth fail : 54 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 1 Time(s)
 
 SFTP subsystem requests: 3 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.178.92.66  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 138.148.194.113.adsl-pool.jx.chinaunicom.com [113.194.148.138] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.162.112.53  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.39.183.65  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=83.234.254.126  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.194.148.138  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=81-214-87-177.alternativaprovedor.com.br  : 1 time(s)
 Address 204.148.24.98 maps to internet-gw.customer.alter.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pool-74-111-100-11.pitbpa.fios.verizon.net  user=igitman : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=softbank126103190174.bbtec.net  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 190-178-92-66.speedy.com.ar [190.178.92.66] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.93.252.136  user=root : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 8 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Updated:
    ansible-2.2.1.0-1.el6.noarch
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.0G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

