Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Tue Feb 7 03:06:20 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Tue Feb 7 03:06:19 2017
Date Range Processed: yesterday
( 2017-Feb-06 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Mon Feb 6 05:09:34 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-23006.cdiff [100%]
Downloading daily-23007.cdiff [100%]
Downloading daily-23008.cdiff [100%]
Downloading daily-23009.cdiff [100%]
Downloading daily-23010.cdiff [100%]
Downloading daily-23011.cdiff [100%]
Downloading daily-23012.cdiff [100%]
daily.cld updated (version: 23012, sigs: 1509862, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5728707 signatures) from db.local.clamav.net (IP: 69.163.100.14)
---------------------- clam-update End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Segmentation Faults in these executables
chrome : 4 Time(s)
---------------------- Kernel End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
write UDPv4: Network is unreachable (code=101): 9 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (43.227.194.32): 348 Time(s)
unknown (173.244.209.66): 195 Time(s)
root (43.227.194.32): 36 Time(s)
unknown (23.100.27.151): 21 Time(s)
unknown (91.197.232.103): 17 Time(s)
unknown (182.162.85.250): 14 Time(s)
postgres (43.227.194.32): 6 Time(s)
nobody (43.227.194.32): 5 Time(s)
tomcat (43.227.194.32): 5 Time(s)
igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 4 Time(s)
igitman (128.237.177.182): 3 Time(s)
mysql (43.227.194.32): 3 Time(s)
openvpn (43.227.194.32): 3 Time(s)
root (91.197.232.103): 3 Time(s)
bin (43.227.194.32): 2 Time(s)
postgres (182.162.85.250): 2 Time(s)
apache (173.244.209.66): 1 Time(s)
backup (173.244.209.66): 1 Time(s)
mysql (173.244.209.66): 1 Time(s)
mysql (23.100.27.151): 1 Time(s)
openvpn (173.244.209.66): 1 Time(s)
operator (91.197.232.103): 1 Time(s)
postfix (173.244.209.66): 1 Time(s)
postfix (23.100.27.151): 1 Time(s)
postgres (173.244.209.66): 1 Time(s)
postgres (23.100.27.151): 1 Time(s)
root (14.175.16.62.customer.cdi.no): 1 Time(s)
root (173.244.209.66): 1 Time(s)
root (182.162.85.250): 1 Time(s)
root (23.100.27.151): 1 Time(s)
root (89-96-248-198.ip14.fastwebnet.it): 1 Time(s)
root (99-17-83-224.lightspeed.knvltn.sbcglobal.net): 1 Time(s)
tomcat (173.244.209.66): 1 Time(s)
Invalid Users:
Unknown Account: 612 Time(s)
su:
Sessions Opened:
root -> predrag: 8 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
16.999K Bytes accepted 17,407
16.999K Bytes delivered 17,407
======== ================================================
2 Accepted 100.00%
-------- ------------------------------------------------
2 Total 100.00%
======== ================================================
2 Removed from queue
1 Sent via SMTP
1 Forwarded
1 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 3 Time(s)
Failed logins from:
23.100.27.151: 4 times
43.227.194.32: 60 times
62.16.175.14 (14.175.16.62.customer.cdi.no): 6 times
74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 1 time
89.96.248.198 (89-96-248-198.ip14.fastwebnet.it): 6 times
91.197.232.103 (hostby.planet-telecom.eu): 13 times
99.17.83.224 (99-17-83-224.lightspeed.knvltn.sbcglobal.net): 6 times
173.244.209.66 (173.244.209.66.static.midphase.com): 8 times
182.162.85.250: 3 times
Illegal users from:
23.100.27.151: 21 times
43.227.194.32: 348 times
91.197.232.103 (hostby.planet-telecom.eu): 34 times
173.244.209.66 (173.244.209.66.static.midphase.com): 195 times
182.162.85.250: 14 times
Users logging in through sshd:
awertz:
24.3.140.134 (c-24-3-140-134.hsd1.pa.comcast.net): 3 times
backup:
128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
benediktb:
74.98.221.134 (pool-74-98-221-134.pitbpa.fios.verizon.net): 1 time
128.237.195.66 (Eltons-iPhone.wv.cc.cmu.edu): 1 time
ckaffine:
98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 2 times
igitman:
74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 4 times
128.237.177.182: 3 times
joliva:
67.186.34.202 (c-67-186-34-202.hsd1.pa.comcast.net): 1 time
ngisolfi:
128.2.178.134 (gs15623.sp.cs.cmu.edu): 4 times
pengrui:
128.237.172.92: 1 time
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 7 times
128.2.204.201 (areas.auton.cs.cmu.edu): 2 times
root:
128.2.177.47 (lake.auton.cs.cmu.edu): 1 time
sibiv:
128.2.178.16 (gs14416.sp.cs.cmu.edu): 5 times
Received disconnect:
11: Bye Bye : 656 Time(s)
11: disconnected by user : 21 Time(s)
Setting tty modes failed:
Invalid argument : 2 Time(s)
SFTP subsystem requests: 2 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=89-96-248-198.ip14.fastwebnet.it user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 4 > 3 : 1 time(s)
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.197.232.103 user=root : 1 time(s)
PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.197.232.103 : 4 time(s)
PAM 4 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.197.232.103 user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 5 > 3 : 5 time(s)
reverse mapping checking getaddrinfo for 173.244.209.66.static.midphase.com [173.244.209.66] failed - POSSIBLE BREAK-IN ATTEMPT! : 203 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=pool-74-111-100-11.pitbpa.fios.verizon.net user=igitman : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.197.232.103 : 1 time(s)
reverse mapping checking getaddrinfo for hostby.planet-telecom.eu [91.197.232.103] failed - POSSIBLE BREAK-IN ATTEMPT! : 21 time(s)
Protocol major versions differ for 47.89.187.157: SSH-2.0-OpenSSH_5.3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
reverse mapping checking getaddrinfo for igor-ubuntu.wv.cc.cmu.edu [128.237.177.182] failed - POSSIBLE BREAK-IN ATTEMPT! : 3 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=99-17-83-224.lightspeed.knvltn.sbcglobal.net user=root : 1 time(s)
PAM 3 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=91.197.232.103 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.175.16.62.customer.cdi.no user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 3 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
backup => root
--------------
/usr/bin/rsync - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- XNTPD Begin ------------------------
**Unmatched Entries**
Listen normally on 7 eth0 128.2.177.47 UDP 123: 1 time(s)
---------------------- XNTPD End -------------------------
--------------------- yum Begin ------------------------
Packages Updated:
VirtualBox-5.1-5.1.14_112924_el6-1.x86_64
---------------------- yum End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.1G 81% /
/dev/sda1 477M 216M 236M 48% /boot
/dev/mapper/vg_loom-lv_home
178G 58G 111G 35% /home
/dev/sdb5 466G 86G 381G 19% /media/GAMMA
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################