Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Sat Jan 21 03:51:14 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sat Jan 21 03:51:14 2017
Date Range Processed: yesterday
( 2017-Jan-20 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Fri Jan 20 03:50:49 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.local.clamav.net (IP: 209.198.147.20)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.local.clamav.net (IP: 104.131.196.175)
Trying host db.local.clamav.net (194.186.47.19)...
Downloading daily-22914.cdiff [100%]
Downloading daily-22915.cdiff [100%]
Downloading daily-22916.cdiff [100%]
daily.cld updated (version: 22916, sigs: 1400554, f-level: 63, builder: neo)
Downloading bytecode-286.cdiff [100%]
[LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.
Run 'setsebool -P clamd_use_jit on'.
ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied
WARNING: Database successfully loaded, but there is stderr output
bytecode.cld updated (version: 286, sigs: 57, f-level: 63, builder: raynman)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5619401 signatures) from db.local.clamav.net (IP: 194.186.47.19)
---------------------- clam-update End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Segmentation Faults in these executables
chrome : 9 Time(s)
---------------------- Kernel End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 106 Time(s)
igitman (128.237.133.100): 6 Time(s)
rrabbany (deepkhoras.wv.cc.cmu.edu): 3 Time(s)
root (168.227.90.10): 2 Time(s)
root (181-33-122-138.mundialnetprovedor.com.br): 1 Time(s)
root (182.132.24.80): 1 Time(s)
root (2.191.74.148): 1 Time(s)
root (201.62.56.220): 1 Time(s)
root (61.164.46.188): 1 Time(s)
root (78.111.25.73): 1 Time(s)
root (cust225-174.nwewn.com): 1 Time(s)
unknown (222.120.242.44): 1 Time(s)
unknown (36.110.141.115): 1 Time(s)
Invalid Users:
Unknown Account: 12 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
22.686K Bytes accepted 23,230
22.686K Bytes delivered 23,230
======== ================================================
4 Accepted 100.00%
-------- ------------------------------------------------
4 Total 100.00%
======== ================================================
4 Removed from queue
2 Sent via SMTP
2 Forwarded
2 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
admin : 1 Time(s)
root : 9 Time(s)
ubnt : 1 Time(s)
Failed logins from:
2.191.74.148: 6 times
61.164.46.188: 6 times
78.111.25.73: 6 times
78.155.225.174 (cust225-174.nwewn.com): 6 times
128.237.204.220: 5 times
138.122.33.181 (181-33-122-138.mundialnetprovedor.com.br): 6 times
168.227.90.10 (dinamico.telnets.com.br): 12 times
182.132.24.80: 6 times
201.62.56.220 (static-201-62-56-220.v4.naclick.com.br): 6 times
Illegal users from:
36.110.141.115: 6 times
222.120.242.44: 6 times
Users logging in through sshd:
backup:
128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
ckaffine:
98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 3 times
igitman:
128.237.133.100: 6 times
jayanthkoushik:
128.237.204.220: 102 times
::1 (localhost): 1 time
mbarnes1:
73.79.83.141 (c-73-79-83-141.hsd1.pa.comcast.net): 3 times
128.237.177.180: 1 time
128.237.214.241: 1 time
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 2 times
rrabbany:
128.237.143.65: 3 times
Received disconnect:
11: disconnected by user : 105 Time(s)
Setting tty modes failed:
Invalid argument : 1 Time(s)
SFTP subsystem requests: 3 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.191.74.148 user=root : 1 time(s)
error: connect_to localhost port 9999: failed. : 1 time(s)
error: connect_to 127.0.0.1 port 9999: failed. : 6 time(s)
error: connect_to jayanthkoushik at bash.autonlab.org: unknown host (Name or service not known) : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=jayanths-mbp-2.wv.cc.cmu.edu user=jayanthkoushik : 1 time(s)
reverse mapping checking getaddrinfo for igor-ubuntu.wv.cc.cmu.edu [128.237.133.100] failed - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.110.141.115 : 1 time(s)
error: connect_to jayanthkoushik at gpu1.int.autonlab.org: unknown host (Name or service not known) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.120.242.44 : 1 time(s)
reverse mapping checking getaddrinfo for dinamico.telnets.com.br [168.227.90.10] failed - POSSIBLE BREAK-IN ATTEMPT! : 2 time(s)
error: connect_to .int.autonlab.org: unknown host (Name or service not known) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.111.25.73 user=root : 1 time(s)
reverse mapping checking getaddrinfo for static-201-62-56-220.v4.naclick.com.br [201.62.56.220] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
error: connect_to bash.autonlab.org port 9999: failed. : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=181-33-122-138.mundialnetprovedor.com.br user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.164.46.188 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.132.24.80 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.227.90.10 user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.62.56.220 user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 11 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=cust225-174.nwewn.com user=root : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
backup => root
--------------
/usr/bin/rsync - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.3G 81% /
/dev/sda1 477M 208M 244M 47% /boot
/dev/mapper/vg_loom-lv_home
178G 50G 119G 30% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################