Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Sun Jan 15 03:16:13 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sun Jan 15 03:16:13 2017
Date Range Processed: yesterday
( 2017-Jan-14 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Sat Jan 14 04:16:49 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22885.cdiff [100%]
Downloading daily-22886.cdiff [100%]
Downloading daily-22887.cdiff [100%]
Downloading daily-22888.cdiff [100%]
Downloading daily-22889.cdiff [100%]
Downloading daily-22890.cdiff [100%]
daily.cld updated (version: 22890, sigs: 1353695, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 285, sigs: 57, f-level: 63, builder: bbaker)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5572542 signatures) from db.local.clamav.net (IP: 150.214.142.197)
---------------------- clam-update End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
jayanthkoushik (172.25.6.161): 3 Time(s)
rrabbany (deepkhoras.wv.cc.cmu.edu): 3 Time(s)
unknown (179.41.217.196): 3 Time(s)
root (1-160-126-218.dynamic.hinet.net): 2 Time(s)
root (178.132.102.50): 2 Time(s)
root (179.41.217.196): 2 Time(s)
root (186.61.17.127): 2 Time(s)
postgres (122.6.186.243): 1 Time(s)
root (103.56.183.77): 1 Time(s)
root (119.193.140.154): 1 Time(s)
root (122.189.198.89): 1 Time(s)
root (14.153.60.2): 1 Time(s)
root (140.255.87.114): 1 Time(s)
root (191.82.113.13): 1 Time(s)
root (201.23.18.199.dedicated.neoviatelecom.com.br): 1 Time(s)
root (203.182.36.104.client.static.strong-tr15.as63128.net): 1 Time(s)
root (31.162.119.62): 1 Time(s)
root (36.110.141.115): 1 Time(s)
root (61-231-192-189.dynamic.hinet.net): 1 Time(s)
root (88.203.241.194): 1 Time(s)
root (net-2-33-161-237.cust.dsl.teletu.it): 1 Time(s)
unknown (105.107.117.89.static.lrtc.lt): 1 Time(s)
unknown (115.218.56.251): 1 Time(s)
unknown (119.179.40.139): 1 Time(s)
unknown (122.189.247.129): 1 Time(s)
unknown (122.190.249.249): 1 Time(s)
unknown (123.155.114.236): 1 Time(s)
unknown (170.150.179.116): 1 Time(s)
unknown (170.79.149.167): 1 Time(s)
unknown (181.25.174.183): 1 Time(s)
unknown (183.93.248.197): 1 Time(s)
unknown (186.128.44.146): 1 Time(s)
unknown (186.59.79.215): 1 Time(s)
unknown (186.61.17.127): 1 Time(s)
unknown (186.62.53.91): 1 Time(s)
unknown (191.82.14.133): 1 Time(s)
unknown (201.250.179.129): 1 Time(s)
unknown (202.168.112.42.dynamic.rev.eftel.com): 1 Time(s)
unknown (220-134-147-230.hinet-ip.hinet.net): 1 Time(s)
unknown (5.140.128.68): 1 Time(s)
unknown (60.54.70.29): 1 Time(s)
unknown (69.172.177.253): 1 Time(s)
unknown (94.51.135.250): 1 Time(s)
unknown (peleng.g-service.ru): 1 Time(s)
Invalid Users:
Unknown Account: 156 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
29.564K Bytes accepted 30,274
29.564K Bytes delivered 30,274
======== ================================================
4 Accepted 100.00%
-------- ------------------------------------------------
4 Total 100.00%
======== ================================================
4 Removed from queue
2 Sent via SMTP
2 Forwarded
2 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
admin : 8 Time(s)
administrator : 1 Time(s)
bill : 1 Time(s)
christopher : 1 Time(s)
cmsftp : 1 Time(s)
finance : 1 Time(s)
ftpuser : 1 Time(s)
ingres : 1 Time(s)
lucas : 1 Time(s)
postgres : 1 Time(s)
root : 21 Time(s)
support : 1 Time(s)
test : 4 Time(s)
testuser : 1 Time(s)
user : 2 Time(s)
verwalter : 1 Time(s)
walter : 1 Time(s)
Failed logins from:
1.160.126.218 (1-160-126-218.dynamic.hinet.net): 12 times
2.33.161.237 (net-2-33-161-237.cust.dsl.teletu.it): 6 times
14.153.60.2: 6 times
31.162.119.62: 6 times
36.110.141.115: 6 times
61.231.192.189 (61-231-192-189.dynamic.hinet.net): 6 times
88.203.241.194: 6 times
103.56.183.77: 6 times
104.36.182.203 (203.182.36.104.client.static.strong-tr15.as63128.net): 6 times
119.193.140.154: 6 times
122.6.186.243 (243.186.6.122.broad.ly.sd.dynamic.163data.com.cn): 6 times
122.189.198.89: 6 times
140.255.87.114: 6 times
178.132.102.50: 12 times
179.41.217.196 (179-41-217-196.speedy.com.ar): 12 times
186.61.17.127 (186-61-17-127.speedy.com.ar): 12 times
191.82.113.13 (191-82-113-13.speedy.com.ar): 6 times
201.23.18.199 (201.23.18.199.dedicated.neoviatelecom.com.br): 6 times
Illegal users from:
5.140.128.68: 6 times
60.54.70.29: 6 times
69.172.177.253 (69-172-177-253.cable.teksavvy.com): 6 times
84.22.137.34 (peleng.g-service.ru): 6 times
89.117.107.105 (105.107.117.89.static.lrtc.lt): 6 times
94.51.135.250: 6 times
115.218.56.251: 6 times
119.179.40.139: 6 times
122.189.247.129: 6 times
122.190.249.249: 6 times
123.155.114.236: 6 times
170.79.149.167: 6 times
170.150.179.116 (ip116-179-150-170.pool.acesso.net): 6 times
179.41.217.196 (179-41-217-196.speedy.com.ar): 18 times
181.25.174.183 (181-25-174-183.speedy.com.ar): 6 times
183.93.248.197: 6 times
186.59.79.215 (186-59-79-215.speedy.com.ar): 6 times
186.61.17.127 (186-61-17-127.speedy.com.ar): 6 times
186.62.53.91 (186-62-53-91.speedy.com.ar): 6 times
186.128.44.146 (186-128-44-146.speedy.com.ar): 6 times
191.82.14.133 (191-82-14-133.speedy.com.ar): 6 times
201.250.179.129 (201-250-179-129.speedy.com.ar): 6 times
202.168.112.42 (202.168.112.42.dynamic.rev.eftel.com): 6 times
220.134.147.230 (220-134-147-230.HINET-IP.hinet.net): 6 times
Users logging in through sshd:
jayanthkoushik:
172.25.6.161: 3 times
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 2 times
root:
128.2.177.47 (lake.auton.cs.cmu.edu): 1 time
rrabbany:
128.237.221.67: 3 times
Received disconnect:
11: disconnected by user : 4 Time(s)
Setting tty modes failed:
Invalid argument : 2 Time(s)
SFTP subsystem requests: 2 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.107.117.89.static.lrtc.lt : 1 time(s)
reverse mapping checking getaddrinfo for 186-59-79-215.speedy.com.ar [186.59.79.215] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.25.174.183 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.168.112.42.dynamic.rev.eftel.com : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.141.115 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=69.172.177.253 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.61.17.127 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61-231-192-189.dynamic.hinet.net user=root : 1 time(s)
reverse mapping checking getaddrinfo for ip116-179-150-170.pool.acesso.net [170.150.179.116] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.182.36.104.client.static.strong-tr15.as63128.net user=root : 1 time(s)
reverse mapping checking getaddrinfo for 186-62-53-91.speedy.com.ar [186.62.53.91] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.59.79.215 : 1 time(s)
reverse mapping checking getaddrinfo for 191-82-113-13.speedy.com.ar [191.82.113.13] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
reverse mapping checking getaddrinfo for 191-82-14-133.speedy.com.ar [191.82.14.133] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.153.60.2 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.218.56.251 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.189.198.89 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.82.113.13 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.23.18.199.dedicated.neoviatelecom.com.br user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.150.179.116 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=88.203.241.194 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.189.247.129 : 1 time(s)
reverse mapping checking getaddrinfo for 181-25-174-183.speedy.com.ar [181.25.174.183] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.132.102.50 user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.41.217.196 : 3 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.128.44.146 : 1 time(s)
reverse mapping checking getaddrinfo for 186-128-44-146.speedy.com.ar [186.128.44.146] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.62.53.91 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.250.179.129 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=1-160-126-218.dynamic.hinet.net user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.56.183.77 user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 48 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.162.119.62 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.6.186.243 user=postgres : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.193.140.154 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.255.87.114 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=net-2-33-161-237.cust.dsl.teletu.it user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.93.248.197 : 1 time(s)
reverse mapping checking getaddrinfo for 69-172-177-253.cable.teksavvy.com [69.172.177.253] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.61.17.127 user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220-134-147-230.hinet-ip.hinet.net : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.82.14.133 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.79.149.167 : 1 time(s)
reverse mapping checking getaddrinfo for 243.186.6.122.broad.ly.sd.dynamic.163data.com.cn [122.6.186.243] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.51.135.250 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.190.249.249 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.155.114.236 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.179.40.139 : 1 time(s)
reverse mapping checking getaddrinfo for 186-61-17-127.speedy.com.ar [186.61.17.127] failed - POSSIBLE BREAK-IN ATTEMPT! : 3 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.41.217.196 user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.140.128.68 : 1 time(s)
reverse mapping checking getaddrinfo for 179-41-217-196.speedy.com.ar [179.41.217.196] failed - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.54.70.29 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=peleng.g-service.ru : 1 time(s)
reverse mapping checking getaddrinfo for 201-250-179-129.speedy.com.ar [201.250.179.129] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem                   Size  Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root   50G   38G  9.4G  80% /
/dev/sda1                    477M  208M  244M  47% /boot
/dev/mapper/vg_loom-lv_home  178G   53G  116G  32% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
More information about the Autonlab-sysinfo mailing list