Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Fri Jan 13 03:33:10 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Fri Jan 13 03:33:10 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-12 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Thu Jan 12 04:23:42 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    nonblock_recv: recv timing out (30 secs)
    WARNING: getfile: Error while reading database from db.local.clamav.net (IP: 128.199.133.36): Operation now in progress
    WARNING: getpatch: Can't download daily-22873.cdiff from db.local.clamav.net
    Downloading daily-22873.cdiff [100%]
    Downloading daily-22874.cdiff [100%]
    Downloading daily-22875.cdiff [100%]
    Downloading daily-22876.cdiff [100%]
    Downloading daily-22877.cdiff [100%]
    Downloading daily-22878.cdiff [100%]
    daily.cld updated (version: 22878, sigs: 1337674, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 285, sigs: 57, f-level: 63, builder: bbaker)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5556521 signatures) from db.local.clamav.net (IP: 64.22.33.90)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- Kernel Begin ------------------------ 

 
 WARNING:  Segmentation Faults in these executables
    chrome :  6 Time(s)
 
 ---------------------- Kernel End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
    Invalid Users:
       Unknown Account: 118 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   72.127K  Bytes accepted                            73,858
   72.127K  Bytes delivered                           73,858
 ========   ================================================
 
        4   Accepted                                 100.00%
 --------   ------------------------------------------------
        4   Total                                    100.00%
 ========   ================================================
 
        4   Removed from queue    
        2   Sent via SMTP         
        2   Forwarded             
 
        2   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 6 Time(s)
    administrator : 1 Time(s)
    finance : 1 Time(s)
    maria : 1 Time(s)
    mother : 1 Time(s)
    nobody : 1 Time(s)
    proftpd : 1 Time(s)
    root : 29 Time(s)
    ubnt : 2 Time(s)
 
 Failed logins from:
 
 Illegal users from:
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       128.237.184.202: 1 time
    elei:
       71.206.238.214 (c-71-206-238-214.hsd1.pa.comcast.net): 1 time
    jayanthkoushik:
       128.237.207.231: 3 times
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 1 time
    root:
       128.2.177.47 (lake.auton.cs.cmu.edu): 2 times
    sibiv:
       128.2.178.16 (gs14416.sp.cs.cmu.edu): 1 time
 
 
 Received disconnect:
    11: Bye Bye : 29 Time(s)
    11: disconnected by user : 6 Time(s)
    3: com.jcraft.jsch.JSchException: Auth fail : 31 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 1 Time(s)
 
 **Unmatched Entries**
 Protocol major versions differ for 212.83.166.11: SSH-2.0-OpenSSH_5.3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 43 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Installed:
    AdobeReader_enu-9.5.5-1.i486
    kernel-2.6.32-642.13.1.el6.x86_64
    kernel-debug-2.6.32-642.13.1.el6.x86_64
    kernel-devel-2.6.32-642.13.1.el6.x86_64
 
 Packages Updated:
    httpd-2.2.15-56.el6_8.3.x86_64
    kernel-firmware-2.6.32-642.13.1.el6.noarch
    ORBit2-2.14.17-6.el6_8.x86_64
    kernel-doc-2.6.32-642.13.1.el6.noarch
    kernel-abi-whitelists-2.6.32-642.13.1.el6.noarch
    httpd-tools-2.2.15-56.el6_8.3.x86_64
    globus-gssapi-gsi-12.13-1.el6.x86_64
    db4-4.7.25-20.el6_8.1.i686
    1:java-1.8.0-openjdk-headless-1.8.0.111-1.b15.el6_8.x86_64
    db4-cxx-4.7.25-20.el6_8.1.x86_64
    db4-utils-4.7.25-20.el6_8.1.x86_64
    db4-devel-4.7.25-20.el6_8.1.x86_64
    bash-4.1.2-41.el6_8.x86_64
    kernel-debug-devel-2.6.32-642.13.1.el6.x86_64
    kernel-headers-2.6.32-642.13.1.el6.x86_64
    db4-4.7.25-20.el6_8.1.x86_64
    lftp-4.0.9-6.el6_8.4.x86_64
    rdma-6.8_4.1-2.el6_8.noarch
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.4G  80% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   53G  116G  32% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

