Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Sun Jan 22 03:24:14 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sun Jan 22 03:24:14 2017
Date Range Processed: yesterday
( 2017-Jan-21 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Sat Jan 21 03:58:37 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
nonblock_connect: connect timing out (30 secs)
Can't connect to port 80 of host db.local.clamav.net (IP: 64.6.100.177)
connect_error: getsockopt(SO_ERROR): fd=5 error=111: Connection refused
Can't connect to port 80 of host db.local.clamav.net (IP: 208.72.56.53)
Trying host db.local.clamav.net (198.148.78.4)...
Downloading daily-22917.cdiff [100%]
Downloading daily-22918.cdiff [100%]
Downloading daily-22919.cdiff [100%]
Downloading daily-22920.cdiff [100%]
Downloading daily-22921.cdiff [100%]
Downloading daily-22922.cdiff [100%]
daily.cld updated (version: 22922, sigs: 1411939, f-level: 63, builder: neo)
Downloading bytecode-287.cdiff [100%]
Downloading bytecode-288.cdiff [100%]
[LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.
Run 'setsebool -P clamd_use_jit on'.
ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied
WARNING: Database successfully loaded, but there is stderr output
bytecode.cld updated (version: 288, sigs: 58, f-level: 63, builder: bbaker)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5630787 signatures) from db.local.clamav.net (IP: 198.148.78.4)
---------------------- clam-update End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 9 Time(s)
unknown (1.207.63.31): 5 Time(s)
root (1.207.63.31): 4 Time(s)
weiyu (gs15640.sp.cs.cmu.edu): 4 Time(s)
operator (1.207.63.31): 1 Time(s)
root (112.87.105.163): 1 Time(s)
root (116.96.200.230): 1 Time(s)
root (185.153.17.239): 1 Time(s)
root (189.148.126.161): 1 Time(s)
root (2-236-236-102.ip235.fastwebnet.it): 1 Time(s)
root (58.100.85.141): 1 Time(s)
root (61-230-94-147.dynamic.hinet.net): 1 Time(s)
weiyu (linux.gp.cs.cmu.edu): 1 Time(s)
Invalid Users:
Unknown Account: 5 Time(s)
su:
Sessions Opened:
root -> predrag: 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
21.260K Bytes accepted 21,770
21.260K Bytes delivered 21,770
======== ================================================
4 Accepted 100.00%
-------- ------------------------------------------------
4 Total 100.00%
======== ================================================
4 Removed from queue
2 Sent via SMTP
2 Forwarded
2 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
root : 7 Time(s)
Failed logins from:
1.207.63.31: 5 times
2.236.236.102 (2-236-236-102.ip235.fastwebnet.it): 6 times
58.100.85.141: 6 times
61.230.94.147 (61-230-94-147.dynamic.hinet.net): 6 times
112.87.105.163: 6 times
116.96.200.230: 6 times
128.2.213.210 (gs15640.sp.cs.cmu.edu): 1 time
185.153.17.239: 6 times
189.148.126.161 (dsl-189-148-126-161-dyn.prod-infinitum.com.mx): 6 times
Illegal users from:
1.207.63.31: 5 times
Users logging in through sshd:
benediktb:
74.98.221.134 (pool-74-98-221-134.pitbpa.fios.verizon.net): 2 times
jayanthkoushik:
128.237.204.220: 9 times
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 1 time
weiyu:
128.2.213.210 (gs15640.sp.cs.cmu.edu): 4 times
128.2.220.63 (linux.gp.cs.cmu.edu): 1 time
Received disconnect:
11: Bye Bye : 1 Time(s)
11: disconnected by user : 10 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.100.85.141 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2-236-236-102.ip235.fastwebnet.it user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.153.17.239 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.87.105.163 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.96.200.230 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61-230-94-147.dynamic.hinet.net user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=189.148.126.161 user=root : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 7 time(s)
reverse mapping checking getaddrinfo for dsl-189-148-126-161-dyn.prod-infinitum.com.mx [189.148.126.161] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.3G 81% /
/dev/sda1 477M 208M 244M 47% /boot
/dev/mapper/vg_loom-lv_home
178G 50G 119G 30% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################