Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Mon Jan 16 03:22:13 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Mon Jan 16 03:22:13 2017
Date Range Processed: yesterday
( 2017-Jan-15 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Sun Jan 15 04:07:19 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22891.cdiff [100%]
Downloading daily-22892.cdiff [100%]
Downloading daily-22893.cdiff [100%]
Downloading daily-22894.cdiff [100%]
Downloading daily-22895.cdiff [100%]
Downloading daily-22896.cdiff [100%]
daily.cld updated (version: 22896, sigs: 1361086, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 285, sigs: 57, f-level: 63, builder: bbaker)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5579933 signatures) from db.local.clamav.net (IP: 155.98.64.87)
---------------------- clam-update End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 9 Time(s)
root (109-61-249-189.dsl.orel.ru): 1 Time(s)
root (114-27-182-95.dynamic.hinet.net): 1 Time(s)
root (123.155.113.57): 1 Time(s)
root (176.209.73.110): 1 Time(s)
root (186.62.147.43): 1 Time(s)
root (201.177.136.71): 1 Time(s)
root (222.120.242.74): 1 Time(s)
root (76.192.100.102): 1 Time(s)
root (94.51.143.247): 1 Time(s)
unknown (103.56.239.171): 1 Time(s)
unknown (115.237.78.34): 1 Time(s)
unknown (122.243.33.244): 1 Time(s)
unknown (178.46.74.214): 1 Time(s)
unknown (218.108.215.125): 1 Time(s)
unknown (221.238.139.243): 1 Time(s)
unknown (251.red-88-0-178.dynamicip.rima-tde.net): 1 Time(s)
unknown (37.79.173.247): 1 Time(s)
unknown (5.34.133.50): 1 Time(s)
unknown (60.163.107.190): 1 Time(s)
wherland (c-71-192-160-153.hsd1.ma.comcast.net): 1 Time(s)
Invalid Users:
Unknown Account: 60 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
33.363K Bytes accepted 34,164
33.363K Bytes delivered 34,164
======== ================================================
4 Accepted 100.00%
-------- ------------------------------------------------
4 Total 100.00%
======== ================================================
4 Removed from queue
2 Sent via SMTP
2 Forwarded
2 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
666666 : 1 Time(s)
admin : 1 Time(s)
admin1 : 1 Time(s)
cisco : 1 Time(s)
ftpuser : 1 Time(s)
jenkins : 1 Time(s)
pi : 1 Time(s)
root : 9 Time(s)
sybase : 1 Time(s)
test : 2 Time(s)
Failed logins from:
76.192.100.102: 6 times
94.51.143.247: 6 times
109.61.249.189 (109-61-249-189.dsl.orel.ru): 6 times
114.27.182.95 (114-27-182-95.dynamic.hinet.net): 6 times
123.155.113.57: 6 times
176.209.73.110: 6 times
186.62.147.43 (186-62-147-43.speedy.com.ar): 6 times
201.177.136.71 (201-177-136-71.speedy.com.ar): 6 times
222.120.242.74: 6 times
Illegal users from:
5.34.133.50 (5.34.133.50.dinamic.user.wimaxonline.es): 6 times
37.79.173.247: 6 times
60.163.107.190 (190.107.163.60.broad.jx.zj.dynamic.163data.com.cn): 6 times
88.0.178.251 (251.red-88-0-178.dynamicip.rima-tde.net): 6 times
103.56.239.171 (Kol-103.56.239.171.PMPL-Broadband.net): 6 times
115.237.78.34: 6 times
122.243.33.244: 6 times
178.46.74.214: 6 times
218.108.215.125: 6 times
221.238.139.243: 6 times
Users logging in through sshd:
jayanthkoushik:
128.237.161.114: 9 times
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 1 time
wherland:
71.192.160.153 (c-71-192-160-153.hsd1.ma.comcast.net): 1 time
Received disconnect:
11: disconnected by user : 11 Time(s)
Setting tty modes failed:
Invalid argument : 1 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=37.79.173.247 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.243.33.244 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.120.242.74 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=76.192.100.102 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.215.125 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.238.139.243 : 1 time(s)
reverse mapping checking getaddrinfo for 5.34.133.50.dinamic.user.wimaxonline.es [5.34.133.50] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=251.red-88-0-178.dynamicip.rima-tde.net : 1 time(s)
reverse mapping checking getaddrinfo for 201-177-136-71.speedy.com.ar [201.177.136.71] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
reverse mapping checking getaddrinfo for kol-103.56.239.171.pmpl-broadband.net [103.56.239.171] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.34.133.50 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.209.73.110 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.62.147.43 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.56.239.171 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.163.107.190 : 1 time(s)
reverse mapping checking getaddrinfo for 186-62-147-43.speedy.com.ar [186.62.147.43] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.177.136.71 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114-27-182-95.dynamic.hinet.net user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=109-61-249-189.dsl.orel.ru user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.46.74.214 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=94.51.143.247 user=root : 1 time(s)
reverse mapping checking getaddrinfo for 190.107.163.60.broad.jx.zj.dynamic.163data.com.cn [60.163.107.190] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.155.113.57 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.237.78.34 : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 19 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.4G 80% /
/dev/sda1 477M 208M 244M 47% /boot
/dev/mapper/vg_loom-lv_home
178G 53G 116G 32% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################