Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Mon Jan 23 04:48:17 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Mon Jan 23 04:48:17 2017
Date Range Processed: yesterday
( 2017-Jan-22 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Sun Jan 22 04:19:13 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22923.cdiff [100%]
Downloading daily-22924.cdiff [100%]
Downloading daily-22925.cdiff [100%]
Downloading daily-22926.cdiff [100%]
Downloading daily-22927.cdiff [100%]
Downloading daily-22928.cdiff [100%]
daily.cld updated (version: 22928, sigs: 1416998, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 288, sigs: 58, f-level: 63, builder: bbaker)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5635846 signatures) from db.local.clamav.net (IP: 200.236.31.1)
---------------------- clam-update End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (h95-155-198-241.cust.se.alltele.net): 4 Time(s)
jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 3 Time(s)
root (ip-50-62-147-76.ip.secureserver.net): 3 Time(s)
unknown (ip-50-62-147-76.ip.secureserver.net): 3 Time(s)
weiyu (gs15640.sp.cs.cmu.edu): 3 Time(s)
predrag (dynamic-acs-24-154-54-187.zoominternet.net): 1 Time(s)
root (110.155.159.115): 1 Time(s)
root (111.72.0.35): 1 Time(s)
root (182.44.25.161): 1 Time(s)
root (183.93.249.36): 1 Time(s)
root (191.23.150.235): 1 Time(s)
root (202.57.162.131): 1 Time(s)
root (213-151-228-254.static.orange.sk): 1 Time(s)
root (46.10.227.119): 1 Time(s)
root (59.111.121.79): 1 Time(s)
root (95-24-155-207.broadband.corbina.ru): 1 Time(s)
root (p2e53f7a0.dip0.t-ipconnect.de): 1 Time(s)
root (p5b276719.dip0.t-ipconnect.de): 1 Time(s)
unknown (123.143.76.34): 1 Time(s)
unknown (138.219.254.157): 1 Time(s)
unknown (186.167.33.163): 1 Time(s)
Invalid Users:
Unknown Account: 21 Time(s)
su:
Sessions Opened:
root -> predrag: 5 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
17.322K Bytes accepted 17,738
17.322K Bytes delivered 17,738
======== ================================================
4 Accepted 100.00%
-------- ------------------------------------------------
4 Total 100.00%
======== ================================================
4 Removed from queue
2 Sent via SMTP
2 Forwarded
2 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
admin : 2 Time(s)
mother : 1 Time(s)
root : 13 Time(s)
Failed logins from:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 1 time
46.10.227.119 (46-10-227-119.ip.btc-net.bg): 6 times
46.83.247.160 (p2E53F7A0.dip0.t-ipconnect.de): 6 times
50.62.147.76 (ip-50-62-147-76.ip.secureserver.net): 7 times
59.111.121.79: 6 times
91.39.103.25 (p5B276719.dip0.t-ipconnect.de): 6 times
95.24.155.207 (95-24-155-207.broadband.corbina.ru): 6 times
95.155.198.241 (h95-155-198-241.cust.se.alltele.net): 24 times
110.155.159.115: 6 times
111.72.0.35: 6 times
182.44.25.161: 6 times
183.93.249.36: 6 times
191.23.150.235 (191-23-150-235.user.vivozap.com.br): 1 time
202.57.162.131 (idc1.clicknext.co.th): 2 times
213.151.228.254 (213-151-228-254.static.orange.sk): 1 time
Illegal users from:
50.62.147.76 (ip-50-62-147-76.ip.secureserver.net): 3 times
123.143.76.34: 6 times
138.219.254.157 (254.219.138.157-rev.arobanet.com): 6 times
186.167.33.163: 6 times
Users logging in through sshd:
benediktb:
74.98.221.134 (pool-74-98-221-134.pitbpa.fios.verizon.net): 1 time
jayanthkoushik:
128.237.137.248: 3 times
mbarnes1:
67.171.72.57 (c-67-171-72-57.hsd1.pa.comcast.net): 1 time
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 5 times
weiyu:
128.2.213.210 (gs15640.sp.cs.cmu.edu): 3 times
Received disconnect:
11: Bye Bye : 5 Time(s)
11: disconnected by user : 12 Time(s)
Setting tty modes failed:
Invalid argument : 1 Time(s)
SFTP subsystem requests: 2 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.111.121.79 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.10.227.119 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=p2e53f7a0.dip0.t-ipconnect.de user=root : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.57.162.131 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=95-24-155-207.broadband.corbina.ru user=root : 1 time(s)
reverse mapping checking getaddrinfo for 191-23-150-235.user.vivozap.com.br [191.23.150.235] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.72.0.35 user=root : 1 time(s)
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=ip-50-62-147-76.ip.secureserver.net user=root : 2 time(s)
reverse mapping checking getaddrinfo for 46-10-227-119.ip.btc-net.bg [46.10.227.119] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=p5b276719.dip0.t-ipconnect.de user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.155.159.115 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.219.254.157 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=h95-155-198-241.cust.se.alltele.net user=root : 4 time(s)
Address 202.57.162.131 maps to idc1.clicknext.co.th, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.143.76.34 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.93.249.36 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.44.25.161 user=root : 1 time(s)
reverse mapping checking getaddrinfo for 254.219.138.157-rev.arobanet.com [138.219.254.157] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.167.33.163 : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 16 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.2G 81% /
/dev/sda1 477M 208M 244M 47% /boot
/dev/mapper/vg_loom-lv_home
178G 50G 119G 30% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################