Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Fri Feb 3 03:40:13 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Fri Feb 3 03:40:13 2017
Date Range Processed: yesterday
( 2017-Feb-02 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- Automount Begin ------------------------
**Unmatched Entries**
setautomntent: lookup(sss): setautomntent: No such file or directory: 1 Time(s)
---------------------- Automount End -------------------------
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Thu Feb 2 03:47:59 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22983.cdiff [100%]
Downloading daily-22984.cdiff [100%]
Downloading daily-22985.cdiff [100%]
Downloading daily-22986.cdiff [100%]
Downloading daily-22987.cdiff [100%]
daily.cld updated (version: 22987, sigs: 1506491, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5725336 signatures) from db.local.clamav.net (IP: 198.148.78.4)
---------------------- clam-update End -------------------------
--------------------- Cron Begin ------------------------
**Unmatched Entries**
INFO (RANDOM_DELAY will be scaled with factor 59% if used.)
---------------------- Cron End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Segmentation Faults in these executables
chrome : 3 Time(s)
WARNING: Kernel Errors Present
dracut: error: unexpectedly di ...: 1 Time(s)
---------------------- Kernel End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Control Channel:
Incoming:
160 bit SHA1 used 1 Time(s)
Outgoing:
160 bit SHA1 used 1 Time(s)
Data Channel:
Decrypt:
160 bit SHA1 used 21 Time(s)
Encrypt:
160 bit SHA1 used 21 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 21 Time(s)
Encrypt:
256 bit AES-256-CBC used 21 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 21 Time(s)
ROUTE_GATEWAY 128.2.176.1/255.255.248.0 IFACE=eth0 HWADDR=b8:ae:ed:7c:08:1b: 1 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 21 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 21 Time(s)
WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.: 1 Time(s)
WARNING: you are using user/group/chroot/setcon without persist-key -- this may cause restarts to fail: 1 Time(s)
[areas] Peer Connection Initiated with [AF_INET]128.2.204.201:1194: 1 Time(s)
do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0: 1 Time(s)
library versions: OpenSSL 1.0.1e-fips 11 Feb 2013, LZO 2.03: 1 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
gdm-password:
Unknown Entries:
auth could not identify password for [auton-local]: 1 Time(s)
conversation failed: 1 Time(s)
session opened for user predrag by (uid=0): 1 Time(s)
sshd:
Authentication Failures:
unknown (104.45.228.24): 103 Time(s)
root (104.45.228.24): 82 Time(s)
unknown (pgh-nvs-14.iso.cmu.edu): 20 Time(s)
root (pgh-nvs-14.iso.cmu.edu): 9 Time(s)
root (179.41.189.135): 6 Time(s)
apache (104.45.228.24): 1 Time(s)
backup (104.45.228.24): 1 Time(s)
bin (104.45.228.24): 1 Time(s)
ftp (104.45.228.24): 1 Time(s)
lujiec (late.auton.cs.cmu.edu): 1 Time(s)
nobody (104.45.228.24): 1 Time(s)
operator (104.45.228.24): 1 Time(s)
root (122.230.100.4): 1 Time(s)
root (167.0.247.116): 1 Time(s)
root (171.212.140.187): 1 Time(s)
root (200.8.223.93): 1 Time(s)
root (221.231.99.24): 1 Time(s)
root (222.134.207.218): 1 Time(s)
unknown (124.16.71.158): 1 Time(s)
unknown (222.187.46.183): 1 Time(s)
unknown (63.140.20.64): 1 Time(s)
yjchoe (c-24-131-226-168.hsd1.pa.comcast.net): 1 Time(s)
Invalid Users:
Unknown Account: 141 Time(s)
su:
Sessions Opened:
root -> predrag: 4 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
52.361K Bytes accepted 53,618
52.361K Bytes delivered 53,618
======== ================================================
31 Accepted 100.00%
-------- ------------------------------------------------
31 Total 100.00%
======== ================================================
31 Removed from queue
21 Sent via SMTP
10 Forwarded
21 Connection failure (outbound)
1 Postfix start
---------------------- Postfix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
pam: gdm-password: gkr-pam: no password is available for user: 1 Time(s)
polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.27 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8): 1 Time(s)
polkitd(authority=local): Registered Authentication Agent for session /org/freedesktop/ConsoleKit/Session2 (system bus name :1.49 [/usr/libexec/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8): 1 Time(s)
polkitd(authority=local): Unregistered Authentication Agent for session /org/freedesktop/ConsoleKit/Session1 (system bus name :1.27, object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) (disconnected from bus): 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- Smartd Begin ------------------------
**Unmatched Entries**
Device: /dev/sda [SAT], SAMSUNG SSD SM841 2.5" 7mm 256GB, S/N:S12LNEAD648381, WWN:5-002538-500000000, FW:DXM01D0Q, 256 GB
---------------------- Smartd End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 2 Time(s)
Disconnecting after too many authentication failures for user:
admin : 3 Time(s)
root : 12 Time(s)
Failed logins from:
104.45.228.24: 88 times
122.230.100.4: 6 times
128.2.13.84 (PGH-NVS-14.ISO.CMU.EDU): 9 times
167.0.247.116: 6 times
171.212.140.187: 6 times
179.41.189.135 (179-41-189-135.speedy.com.ar): 36 times
200.8.223.93: 6 times
221.231.99.24: 6 times
222.134.207.218: 6 times
Illegal users from:
63.140.20.64 (63.140.20.64.ifibertv.com): 6 times
104.45.228.24: 104 times
124.16.71.158: 6 times
128.2.13.84 (PGH-NVS-14.ISO.CMU.EDU): 20 times
222.187.46.183: 6 times
Users logging in through sshd:
backup:
128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
ckaffine:
128.237.145.58 (VPN-128-237-145-58.LIBRARY.VPN.CMU.EDU): 11 times
98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 7 times
lujiec:
128.2.182.178 (late.auton.cs.cmu.edu): 1 time
ngisolfi:
67.163.151.51 (c-67-163-151-51.hsd1.pa.comcast.net): 2 times
pengrui:
24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 3 times
128.237.180.135: 2 times
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 2 times
root:
128.2.177.47 (lake.auton.cs.cmu.edu): 4 times
sibiv:
128.2.178.16 (gs14416.sp.cs.cmu.edu): 5 times
yifeim:
128.237.140.232: 1 time
yjchoe:
24.131.226.168 (c-24-131-226-168.hsd1.pa.comcast.net): 1 time
Received disconnect:
11: disconnected by user : 28 Time(s)
3: com.jcraft.jsch.JSchException: Auth fail : 31 Time(s)
Setting tty modes failed:
Invalid argument : 1 Time(s)
SFTP subsystem requests: 2 Time(s)
**Unmatched Entries**
reverse mapping checking getaddrinfo for 179-41-189-135.speedy.com.ar [179.41.189.135] failed - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.212.140.187 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.187.46.183 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.8.223.93 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.41.189.135 user=root : 6 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.16.71.158 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=63.140.20.64 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.231.99.24 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.230.100.4 user=root : 1 time(s)
reverse mapping checking getaddrinfo for 63.140.20.64.ifibertv.com [63.140.20.64] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.134.207.218 user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 15 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.0.247.116 user=root : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
backup => root
--------------
/usr/bin/rsync - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- XNTPD Begin ------------------------
XNTPD Started: 1 Time(s)
**Unmatched Entries**
0.0.0.0 c61c 0c clock_step +0.232574 s: 1 time(s)
0.0.0.0 c618 08 no_sys_peer: 1 time(s)
Listen normally on 5 lo ::1 UDP 123: 1 time(s)
Listen normally on 6 eth0 fe80::baae:edff:fe7c:81b UDP 123: 1 time(s)
Listen normally on 2 lo 127.0.0.1 UDP 123: 1 time(s)
0.0.0.0 c614 04 freq_mode: 1 time(s)
0.0.0.0 c01d 0d kern kernel time sync enabled: 1 time(s)
Listen and drop on 1 v6wildcard :: UDP 123: 1 time(s)
Listen normally on 3 eth0 128.2.177.47 UDP 123: 1 time(s)
Listen normally on 4 tun0 10.8.0.6 UDP 123: 1 time(s)
0.0.0.0 c612 02 freq_set kernel -14.569 PPM: 1 time(s)
0.0.0.0 c012 02 freq_set kernel -16.332 PPM: 1 time(s)
Listening on routing socket on fd #23 for interface updates: 1 time(s)
0.0.0.0 c016 06 restart: 1 time(s)
0.0.0.0 c615 05 clock_sync: 1 time(s)
Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123: 1 time(s)
---------------------- XNTPD End -------------------------
--------------------- yum Begin ------------------------
Packages Updated:
openblas-0.2.18-5.sdl6.x86_64
libtiff-3.9.4-21.el6_8.i686
libtiff-3.9.4-21.el6_8.x86_64
google-chrome-stable-56.0.2924.87-1.x86_64
---------------------- yum End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.2G 81% /
/dev/sda1 477M 216M 236M 48% /boot
/dev/mapper/vg_loom-lv_home
178G 50G 119G 30% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################