Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Sat Feb 4 03:12:14 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Sat Feb  4 03:12:14 2017
        Date Range Processed: yesterday
                              ( 2017-Feb-03 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Fri Feb  3 03:51:58 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-22988.cdiff [100%]
    Downloading daily-22989.cdiff [100%]
    Downloading daily-22990.cdiff [100%]
    Downloading daily-22991.cdiff [100%]
    Downloading daily-22992.cdiff [100%]
    Downloading daily-22993.cdiff [100%]
    Downloading daily-22994.cdiff [100%]
    daily.cld updated (version: 22994, sigs: 1507317, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5726162 signatures) from db.local.clamav.net (IP: 155.98.64.87)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- Kernel Begin ------------------------ 

 
 WARNING:  Segmentation Faults in these executables
    chrome :  5 Time(s)
 
 ---------------------- Kernel End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (37.48.90.149): 45 Time(s)
       unknown (37.48.90.149): 28 Time(s)
       yjchoe (c-24-131-226-168.hsd1.pa.comcast.net): 14 Time(s)
       kburleigh (macbook-pro-8.dhcp.lbnl.us): 10 Time(s)
       kburleigh (cori09-224.nersc.gov): 3 Time(s)
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 2 Time(s)
       kburleigh (cori04-224.nersc.gov): 2 Time(s)
       lujiec (late.auton.cs.cmu.edu): 1 Time(s)
       root (107.13.224.151): 1 Time(s)
       root (207-192-218-168.stjocmka02.res.dyn.suddenlink.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 28 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   26.804K  Bytes accepted                            27,447
   26.804K  Bytes delivered                           27,447
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    root : 2 Time(s)
 
 Failed logins from:
    24.131.226.168 (c-24-131-226-168.hsd1.pa.comcast.net): 1 time
    37.48.90.149: 45 times
    107.13.224.151 (mta-107-13-224-151.nc.rr.com): 6 times
    128.55.224.39 (cori09-224.nersc.gov): 1 time
    198.128.203.163: 1 time
    207.192.218.168 (207-192-218-168.stjocmka02.res.dyn.suddenlink.net): 6 times
 
 Illegal users from:
    37.48.90.149: 29 times
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       204.148.24.98 (Internet-gw.customer.alter.net): 4 times
    ckaffine:
       128.237.145.58 (VPN-128-237-145-58.LIBRARY.VPN.CMU.EDU): 4 times
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 1 time
    jayanthkoushik:
       128.237.180.8: 2 times
    kburleigh:
       198.128.203.163: 10 times
       128.55.224.39 (cori09-224.nersc.gov): 3 times
       128.55.224.34 (cori04-224.nersc.gov): 2 times
    kkandasa:
       128.2.210.190 (gs13103.sp.cs.cmu.edu): 1 time
    lujiec:
       128.2.182.178 (late.auton.cs.cmu.edu): 1 time
    mbarnes1:
       128.237.218.59 (JamieYagsiPhone.wv.cc.cmu.edu): 2 times
    pengrui:
       128.237.180.118: 1 time
       128.237.221.115: 1 time
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 8 times
    root:
       128.2.177.47 (lake.auton.cs.cmu.edu): 1 time
    sibiv:
       67.186.35.210 (c-67-186-35-210.hsd1.pa.comcast.net): 4 times
    yifeim:
       65.196.126.160: 2 times
    yjchoe:
       24.131.226.168 (c-24-131-226-168.hsd1.pa.comcast.net): 14 times
 
 
 Authentication refused:
    bad ownership or modes for file /zfsauton/home/kburleigh/.ssh/authorized_keys : 15 Time(s)
 
 
 Received disconnect:
    11: Bye Bye : 74 Time(s)
    11: disconnected by user : 55 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 4 Time(s)
 
 SFTP subsystem requests: 5 Time(s)
 
 **Unmatched Entries**
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=cori09-224.nersc.gov  user=kburleigh : 1 time(s)
 Address 204.148.24.98 maps to internet-gw.customer.alter.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 4 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-24-131-226-168.hsd1.pa.comcast.net  user=yjchoe : 1 time(s)
 reverse mapping checking getaddrinfo for mta-107-13-224-151.nc.rr.com [107.13.224.151] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=207-192-218-168.stjocmka02.res.dyn.suddenlink.net  user=root : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=macbook-pro-8.dhcp.lbnl.us  user=kburleigh : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=107.13.224.151  user=root : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 2 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.2G  81% /
 /dev/sda1             477M  216M  236M  48% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

