Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Fri Jan 20 03:21:13 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Fri Jan 20 03:21:13 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-19 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Thu Jan 19 03:43:02 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-22913.cdiff [100%]
    daily.cld updated (version: 22913, sigs: 1381786, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 285, sigs: 57, f-level: 63, builder: bbaker)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5600633 signatures) from db.local.clamav.net (IP: 69.163.100.14)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (pgh-nvs-13.iso.cmu.edu): 20 Time(s)
       root (ec2-54-164-143-25.compute-1.amazonaws.com): 15 Time(s)
       unknown (ec2-54-164-143-25.compute-1.amazonaws.com): 14 Time(s)
       root (pgh-nvs-13.iso.cmu.edu): 9 Time(s)
       cnagpal (desktop-v557uo3.wv.cc.cmu.edu): 4 Time(s)
       igitman (128.237.142.35): 3 Time(s)
       rrabbany (deepkhoras.wv.cc.cmu.edu): 3 Time(s)
       igitman (igor-ubuntu.wv.cc.cmu.edu): 2 Time(s)
       igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 2 Time(s)
       root (202.144.50.94): 2 Time(s)
       apache (ec2-54-164-143-25.compute-1.amazonaws.com): 1 Time(s)
       operator (ec2-54-164-143-25.compute-1.amazonaws.com): 1 Time(s)
       predrag (horae.auton.cs.cmu.edu): 1 Time(s)
       root (112.101.160.100): 1 Time(s)
       root (115.195.55.243): 1 Time(s)
       root (115.213.155.158): 1 Time(s)
       root (122.242.60.192): 1 Time(s)
       root (177.221.101.29): 1 Time(s)
       root (185.153.18.169): 1 Time(s)
       root (186.29.233.220.static.exetel.com.au): 1 Time(s)
       root (191.211.56.54): 1 Time(s)
       root (99-17-83-224.lightspeed.knvltn.sbcglobal.net): 1 Time(s)
       unknown (125.122.222.29): 1 Time(s)
       unknown (144.0.241.198): 1 Time(s)
       unknown (24-29-219-138.jebnet.com.br): 1 Time(s)
       unknown (42.101.134.133): 1 Time(s)
       unknown (58.49.217.112): 1 Time(s)
       unknown (host-80-81-22-85.customer.m-online.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 70 Time(s)
 
 su:
    Sessions Opened:
       root -> predrag: 2 Time(s)
 
 su-l:
    Authentication Failures:
       predrag(1009) -> root: 1 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   24.855K  Bytes accepted                            25,452
   24.855K  Bytes delivered                           25,452
 ========   ================================================
 
        4   Accepted                                 100.00%
 --------   ------------------------------------------------
        4   Total                                    100.00%
 ========   ================================================
 
        4   Removed from queue    
        2   Sent via SMTP         
        2   Forwarded             
 
        2   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 5 Time(s)
    ncuser : 1 Time(s)
    root : 7 Time(s)
 
 Failed logins from:
    54.164.143.25 (ec2-54-164-143-25.compute-1.amazonaws.com): 17 times
    99.17.83.224 (99-17-83-224.lightspeed.knvltn.sbcglobal.net): 6 times
    112.101.160.100: 6 times
    115.195.55.243: 6 times
    115.213.155.158: 6 times
    122.242.60.192: 6 times
    128.2.13.83 (PGH-NVS-13.ISO.CMU.EDU): 9 times
    128.2.204.171 (horae.auton.cs.cmu.edu): 1 time
    128.237.142.35: 1 time
    177.221.101.29: 1 time
    185.153.18.169: 6 times
    191.211.56.54 (191-211-56-54.user.vivozap.com.br): 1 time
    202.144.50.94 (lan-202-144-50-94.maa.sify.net): 2 times
    220.233.29.186 (186.29.233.220.static.exetel.com.au): 6 times
 
 Illegal users from:
    42.101.134.133: 6 times
    54.164.143.25 (ec2-54-164-143-25.compute-1.amazonaws.com): 14 times
    58.49.217.112: 6 times
    80.81.22.85 (host-80-81-22-85.customer.m-online.net): 6 times
    125.122.222.29: 6 times
    128.2.13.83 (PGH-NVS-13.ISO.CMU.EDU): 20 times
    138.219.29.24 (24-29-219-138.jebnet.com.br): 6 times
    144.0.241.198: 6 times
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       128.237.202.76: 4 times
    ckaffine:
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 3 times
    cnagpal:
       128.237.207.200: 4 times
    igitman:
       128.237.142.35: 5 times
       74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 2 times
    mbarnes1:
       128.237.219.184: 2 times
       73.79.83.141 (c-73-79-83-141.hsd1.pa.comcast.net): 1 time
    ngisolfi:
       128.2.178.134 (gs15623.sp.cs.cmu.edu): 3 times
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 17 times
       128.2.204.171 (horae.auton.cs.cmu.edu): 5 times
       128.2.204.54 (LOCK.AUTON.CS.CMU.EDU): 4 times
    root:
       128.2.177.47 (lake.auton.cs.cmu.edu): 1 time
    rrabbany:
       128.237.179.218: 3 times
 
 
 Received disconnect:
    11: Bye Bye : 5 Time(s)
    11: disconnected by user : 40 Time(s)
    3: com.jcraft.jsch.JSchException: Auth fail : 31 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 16 Time(s)
 
 SFTP subsystem requests: 11 Time(s)
 
 **Unmatched Entries**
 reverse mapping checking getaddrinfo for lan-202-144-50-94.maa.sify.net [202.144.50.94] failed - POSSIBLE BREAK-IN ATTEMPT! : 2 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.29.233.220.static.exetel.com.au  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.101.134.133  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host-80-81-22-85.customer.m-online.net  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.101.160.100  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=144.0.241.198  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.195.55.243  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 191-211-56-54.user.vivozap.com.br [191.211.56.54] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=igor-ubuntu.wv.cc.cmu.edu  user=igitman : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.242.60.192  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.122.222.29  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24-29-219-138.jebnet.com.br  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.213.155.158  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=99-17-83-224.lightspeed.knvltn.sbcglobal.net  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.153.18.169  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.49.217.112  : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 13 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.4G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 


More information about the Autonlab-sysinfo mailing list