Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Wed Feb 8 03:47:12 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Wed Feb  8 03:47:12 2017
        Date Range Processed: yesterday
                              ( 2017-Feb-07 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Tue Feb  7 03:39:00 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 207.57.106.31)
    Trying host db.local.clamav.net (168.143.19.95)...
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 168.143.19.95)
    Trying host db.local.clamav.net (128.199.133.36)...
    nonblock_recv: recv timing out (30 secs)
    WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 128.199.133.36): Operation now in progress
    WARNING: getpatch: Can't download daily-23013.cdiff from db.local.clamav.net
    Downloading daily-23013.cdiff [100%]
    Downloading daily-23014.cdiff [100%]
    Downloading daily-23015.cdiff [100%]
    Downloading daily-23016.cdiff [100%]
    Downloading daily-23017.cdiff [100%]
    daily.cld updated (version: 23017, sigs: 1511215, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5730060 signatures) from db.local.clamav.net (IP: 69.163.100.14)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- Kernel Begin ------------------------ 

 
 WARNING:  Segmentation Faults in these executables
    chrome :  3 Time(s)
 
 ---------------------- Kernel End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       wherland (williams-mbp-4.wv.cc.cmu.edu): 17 Time(s)
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 9 Time(s)
       cnagpal (desktop-v557uo3.wv.cc.cmu.edu): 5 Time(s)
       unknown (118.244.252.44): 5 Time(s)
       igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 4 Time(s)
       unknown (williams-mbp-4.wv.cc.cmu.edu): 3 Time(s)
       igitman (igor-ubuntu.wv.cc.cmu.edu): 2 Time(s)
       root (120.132.4.45): 2 Time(s)
       cnagpal (abhilashas-mbp.wv.cc.cmu.edu): 1 Time(s)
       dwang (areas.auton.cs.cmu.edu): 1 Time(s)
       pengrui (c-24-131-224-151.hsd1.pa.comcast.net): 1 Time(s)
       root (118.244.252.44): 1 Time(s)
       root (70.37.164.0): 1 Time(s)
       unknown (118.33.200.205): 1 Time(s)
       unknown (77.41.122.127): 1 Time(s)
       unknown (jayanths-mbp-2.wv.cc.cmu.edu): 1 Time(s)
    Invalid Users:
       Unknown Account: 24 Time(s)
 
 su:
    Sessions Opened:
       root -> predrag: 2 Time(s)
 
 sudo:
    Authentication Failures:
       wherland(1059) -> wherland: 1 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   23.076K  Bytes accepted                            23,630
   23.076K  Bytes delivered                           23,630
 ========   ================================================
 
        4   Accepted                                 100.00%
 --------   ------------------------------------------------
        4   Total                                    100.00%
 ========   ================================================
 
        4   Removed from queue    
        2   Sent via SMTP         
        2   Forwarded             
 
        2   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- Connections (secure-log) Begin ------------------------ 

 
 **Unmatched Entries**
    useradd: failed adding user 'ntp', exit code: 9: 1 Time(s)
 
 ---------------------- Connections (secure-log) End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 2 Time(s)
 
 Failed logins from:
    70.37.164.0: 1 time
    118.244.252.44: 1 time
    120.132.4.45: 2 times
    128.237.171.148: 2 times
    128.237.221.59: 1 time
    128.237.222.249: 2 times
 
 Illegal users from:
    77.41.122.127 (host-77-41-122-127.qwerty.ru): 6 times
    118.33.200.205: 6 times
    118.244.252.44: 5 times
    128.237.166.185: 1 time
    128.237.222.249: 6 times
 
 Users logging in through sshd:
    awertz:
       24.3.140.134 (c-24-3-140-134.hsd1.pa.comcast.net): 1 time
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       128.237.176.240: 1 time
    ckaffine:
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 6 times
    cnagpal:
       128.237.171.148: 5 times
       128.237.164.19: 1 time
    dwang:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    igitman:
       74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 4 times
       128.237.221.59: 2 times
    jayanthkoushik:
       128.237.166.185: 9 times
    mravanba:
       64.134.228.229 (ip-64-134-228-229.public.wayport.net): 1 time
    ngisolfi:
       128.2.178.134 (gs15623.sp.cs.cmu.edu): 7 times
       172.31.52.114: 5 times
       67.163.151.51 (c-67-163-151-51.hsd1.pa.comcast.net): 2 times
    pengrui:
       128.237.169.98: 4 times
       24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 1 time
    predrag:
       128.2.204.201 (areas.auton.cs.cmu.edu): 5 times
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 3 times
    root:
       128.2.177.47 (lake.auton.cs.cmu.edu): 2 times
    wherland:
       128.237.222.249: 17 times
 
 
 Received disconnect:
    11: Bye Bye : 8 Time(s)
    11: disconnected by user : 60 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 4 Time(s)
 
 SFTP subsystem requests: 1 Time(s)
 
 **Unmatched Entries**
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=desktop-v557uo3.wv.cc.cmu.edu  user=cnagpal : 2 time(s)
 PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=williams-mbp-4.wv.cc.cmu.edu  user=wherland : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.41.122.127  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.33.200.205  : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=igor-ubuntu.wv.cc.cmu.edu  user=igitman : 1 time(s)
 reverse mapping checking getaddrinfo for host-77-41-122-127.qwerty.ru [77.41.122.127] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=williams-mbp-4.wv.cc.cmu.edu  : 3 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 2 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ==============================================================================
 
 wherland => root
 ----------------
 /bin/mkdir - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- XNTPD Begin ------------------------ 

 
 XNTPD Killed: 1 Time(s)
 
 XNTPD Started: 1 Time(s)
 
 **Unmatched Entries**
   Listen normally on 5 lo ::1 UDP 123: 1 time(s)
   0.0.0.0 c012 02 freq_set kernel -15.578 PPM: 1 time(s)
   Listen normally on 6 eth0 fe80::baae:edff:fe7c:81b UDP 123: 1 time(s)
   Listen normally on 2 lo 127.0.0.1 UDP 123: 1 time(s)
   0.0.0.0 c01d 0d kern kernel time sync enabled: 1 time(s)
   Listen and drop on 1 v6wildcard :: UDP 123: 1 time(s)
   Listen normally on 3 eth0 128.2.177.47 UDP 123: 1 time(s)
   Listen normally on 4 tun0 10.8.0.6 UDP 123: 1 time(s)
   Listening on routing socket on fd #23 for interface updates: 1 time(s)
   0.0.0.0 c016 06 restart: 1 time(s)
   0.0.0.0 c615 05 clock_sync: 1 time(s)
   Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123: 1 time(s)
 
 ---------------------- XNTPD End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Updated:
    ntpdate-4.2.6p5-10.el6_8.2.x86_64
    ntp-4.2.6p5-10.el6_8.2.x86_64
    spice-server-0.12.4-13.el6_8.2.x86_64
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.1G  81% /
 /dev/sda1             477M  216M  236M  48% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   54G  115G  32% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

