Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Tue Jan 17 03:25:13 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Tue Jan 17 03:25:13 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-16 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Mon Jan 16 04:09:10 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-22897.cdiff [100%]
    Downloading daily-22898.cdiff [100%]
    Downloading daily-22899.cdiff [100%]
    Downloading daily-22900.cdiff [100%]
    Downloading daily-22901.cdiff [100%]
    Downloading daily-22902.cdiff [100%]
    daily.cld updated (version: 22902, sigs: 1364150, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 285, sigs: 57, f-level: 63, builder: bbaker)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5582997 signatures) from db.local.clamav.net (IP: 168.143.19.95)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (ec2-54-145-1-12.compute-1.amazonaws.com): 1278 Time(s)
       unknown (ip-208-109-120-234.ip.secureserver.net): 8 Time(s)
       ashishb (c-73-236-12-214.hsd1.pa.comcast.net): 3 Time(s)
       jayanthkoushik (pool-74-109-254-57.pitbpa.fios.verizon.net): 2 Time(s)
       root (ip-208-109-120-234.ip.secureserver.net): 2 Time(s)
       root (1-64-55-231.static.netvigator.com): 1 Time(s)
       root (109.167.10.45): 1 Time(s)
       root (125.107.138.40): 1 Time(s)
       root (175.139.88.138): 1 Time(s)
       root (186.178.30.130): 1 Time(s)
       root (190.50.116.45): 1 Time(s)
       root (191.84.82.252): 1 Time(s)
       root (201.178.100.107): 1 Time(s)
       root (212.13.126.223): 1 Time(s)
       root (39.184.255.173.client.static.strong-mf12.as54203.net): 1 Time(s)
       root (59.54.225.31): 1 Time(s)
       root (66.232.88.170): 1 Time(s)
       unknown (113.122.40.1): 1 Time(s)
       unknown (115.226.243.194): 1 Time(s)
       unknown (118-105-173-42.dz.commufa.jp): 1 Time(s)
       unknown (119.179.40.139): 1 Time(s)
       unknown (122.189.198.202): 1 Time(s)
       unknown (123.96.173.211): 1 Time(s)
       unknown (124.235.77.243): 1 Time(s)
       unknown (140.250.65.57): 1 Time(s)
       unknown (175.143.230.70): 1 Time(s)
       unknown (182.253.52.9): 1 Time(s)
       unknown (190.173.130.57): 1 Time(s)
       unknown (190.176.149.120): 1 Time(s)
       unknown (191.81.162.235): 1 Time(s)
       unknown (201.179.237.200): 1 Time(s)
       unknown (42.103.208.122): 1 Time(s)
       unknown (49.74.69.145): 1 Time(s)
       unknown (58.19.144.233): 1 Time(s)
       unknown (87.117.55.37): 1 Time(s)
       unknown (a53.sub170.net78.udm.net): 1 Time(s)
       unknown (static-87-101-65-216.leon.com.pl): 1 Time(s)
    Invalid Users:
       Unknown Account: 123 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   25.961K  Bytes accepted                            26,584
   25.961K  Bytes delivered                           26,584
 ========   ================================================
 
        4   Accepted                                 100.00%
 --------   ------------------------------------------------
        4   Total                                    100.00%
 ========   ================================================
 
        4   Removed from queue    
        2   Sent via SMTP         
        2   Forwarded             
 
        2   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    aaron : 1 Time(s)
    admin : 8 Time(s)
    administrator : 2 Time(s)
    amy : 1 Time(s)
    cisco : 1 Time(s)
    monitor : 1 Time(s)
    pi : 2 Time(s)
    root : 12 Time(s)
    telnet : 1 Time(s)
    test : 1 Time(s)
    user : 1 Time(s)
 
 Failed logins from:
    1.64.55.231 (1-64-55-231.static.netvigator.com): 6 times
    54.145.1.12 (ec2-54-145-1-12.compute-1.amazonaws.com): 1278 times
    59.54.225.31 (31.225.54.59.broad.fz.jx.dynamic.163data.com.cn): 6 times
    66.232.88.170 (id-isp-88-170.ruralnetwork.net): 6 times
    109.167.10.45: 6 times
    125.107.138.40: 6 times
    173.255.184.39 (39.184.255.173.client.static.strong-mf12.as54203.net): 6 times
    175.139.88.138: 6 times
    186.178.30.130 (130.30.178.186.static.pichincha.andinanet.net): 6 times
    190.50.116.45 (190-50-116-45.speedy.com.ar): 6 times
    191.84.82.252: 6 times
    201.178.100.107 (201-178-100-107.speedy.com.ar): 6 times
    208.109.120.234 (ip-208-109-120-234.ip.secureserver.net): 2 times
    212.13.126.223: 6 times
 
 Illegal users from:
    42.103.208.122: 6 times
    49.74.69.145: 6 times
    58.19.144.233: 1 time
    78.85.170.53 (a53.sub170.net78.udm.net): 6 times
    87.101.65.216 (static-87-101-65-216.leon.com.pl): 6 times
    87.117.55.37 (37.55.117.87.donpac.ru): 6 times
    113.122.40.1: 6 times
    115.226.243.194: 6 times
    118.105.173.42 (118-105-173-42.dz.commufa.jp): 6 times
    119.179.40.139: 6 times
    122.189.198.202: 6 times
    123.96.173.211: 6 times
    124.235.77.243: 6 times
    140.250.65.57: 6 times
    175.143.230.70: 6 times
    182.253.52.9: 6 times
    190.173.130.57 (190-173-130-57.speedy.com.ar): 6 times
    190.176.149.120 (190-176-149-120.speedy.com.ar): 6 times
    191.81.162.235 (191-81-162-235.speedy.com.ar): 6 times
    201.179.237.200 (201-179-237-200.speedy.com.ar): 6 times
    208.109.120.234 (ip-208-109-120-234.ip.secureserver.net): 8 times
 
 Users logging in through sshd:
    ashishb:
       73.236.12.214 (c-73-236-12-214.hsd1.pa.comcast.net): 3 times
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    jayanthkoushik:
       74.109.254.57 (pool-74-109-254-57.pitbpa.fios.verizon.net): 2 times
    kkandasa:
       128.2.210.190 (gs13103.sp.cs.cmu.edu): 2 times
    sibiv:
       128.2.178.16 (gs14416.sp.cs.cmu.edu): 4 times
 
 
 Received disconnect:
    11: Bye Bye : 1288 Time(s)
    11: disconnected by user : 11 Time(s)
 
 **Unmatched Entries**
 PAM service(sshd) ignoring max retries; 6 > 3 : 31 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Updated:
    ipmiutil-3.0.1-1.el6.x86_64
    ipmiutil-devel-3.0.1-1.el6.x86_64
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.4G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   53G  116G  32% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

