Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Tue Jan 24 03:15:17 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Tue Jan 24 03:15:17 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-23 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Mon Jan 23 05:45:38 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 64.6.100.177)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 172.110.204.67)
    Trying host db.local.clamav.net (150.214.142.197)...
    Downloading daily-22929.cdiff [100%]
    Downloading daily-22930.cdiff [100%]
    Downloading daily-22931.cdiff [100%]
    Downloading daily-22932.cdiff [100%]
    Downloading daily-22933.cdiff [100%]
    Downloading daily-22934.cdiff [100%]
    daily.cld updated (version: 22934, sigs: 1418062, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 288, sigs: 58, f-level: 63, builder: bbaker)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5636910 signatures) from db.local.clamav.net (IP: 150.214.142.197)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- Kernel Begin ------------------------ 

 
 WARNING:  Segmentation Faults in these executables
    chrome :  3 Time(s)
 
 ---------------------- Kernel End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (177-59-13-146.3g.claro.net.br): 28 Time(s)
       unknown (177-59-13-146.3g.claro.net.br): 19 Time(s)
       unknown (64.71.162.34): 15 Time(s)
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 8 Time(s)
       root (46.102.116.63): 3 Time(s)
       igitman (igor-ubuntu.wv.cc.cmu.edu): 2 Time(s)
       unknown (46.102.116.63): 2 Time(s)
       ftp (46.102.116.63): 1 Time(s)
       lujiec (late.auton.cs.cmu.edu): 1 Time(s)
       mysql (46.102.116.63): 1 Time(s)
       root (168.228.151.232): 1 Time(s)
       root (183.93.248.31): 1 Time(s)
       root (222.164.222.144): 1 Time(s)
       root (222.220.99.51): 1 Time(s)
       root (58.19.145.223): 1 Time(s)
       root (60.185.214.232): 1 Time(s)
       root (61.146.242.92): 1 Time(s)
       root (64.71.162.34): 1 Time(s)
       root (c-73-231-126-185.hsd1.ca.comcast.net): 1 Time(s)
       unknown (112.250.243.182): 1 Time(s)
       unknown (c-50-185-237-194.hsd1.ca.comcast.net): 1 Time(s)
       weiyu (gs15640.sp.cs.cmu.edu): 1 Time(s)
    Invalid Users:
       Unknown Account: 48 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   20.865K  Bytes accepted                            21,366
   20.865K  Bytes delivered                           21,366
 ========   ================================================
 
        4   Accepted                                 100.00%
 --------   ------------------------------------------------
        4   Total                                    100.00%
 ========   ================================================
 
        4   Removed from queue    
        2   Sent via SMTP         
        2   Forwarded             
 
        2   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 1 Time(s)
    root : 8 Time(s)
    user : 1 Time(s)
 
 Failed logins from:
    46.102.116.63 (63-116-102-46.hostmag.ro): 5 times
    58.19.145.223: 6 times
    60.185.214.232 (232.214.185.60.broad.zs.zj.dynamic.163data.com.cn): 6 times
    61.146.242.92: 6 times
    64.71.162.34 (cloudzilla.gigabitethernet4-1.core2.fmt1.he.net): 1 time
    73.231.126.185 (c-73-231-126-185.hsd1.ca.comcast.net): 6 times
    128.237.129.104: 1 time
    168.228.151.232: 6 times
    177.59.13.146 (177-59-13-146.3g.claro.net.br): 28 times
    183.93.248.31: 6 times
    222.164.222.144 (144.222.164.222.starhub.net.sg): 6 times
    222.220.99.51: 6 times
 
 Illegal users from:
    46.102.116.63 (63-116-102-46.hostmag.ro): 2 times
    50.185.237.194 (c-50-185-237-194.hsd1.ca.comcast.net): 6 times
    64.71.162.34 (cloudzilla.gigabitethernet4-1.core2.fmt1.he.net): 15 times
    112.250.243.182: 6 times
    177.59.13.146 (177-59-13-146.3g.claro.net.br): 19 times
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       74.98.221.134 (pool-74-98-221-134.pitbpa.fios.verizon.net): 5 times
       128.237.179.206: 5 times
    ckaffine:
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 2 times
    igitman:
       128.237.129.104: 2 times
    jayanthkoushik:
       128.237.192.221: 8 times
    lujiec:
       128.2.182.178 (late.auton.cs.cmu.edu): 1 time
    predrag:
       128.2.204.201 (areas.auton.cs.cmu.edu): 5 times
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 3 times
       128.2.177.47 (lake.auton.cs.cmu.edu): 1 time
    root:
       128.2.177.47 (lake.auton.cs.cmu.edu): 3 times
    weiyu:
       128.2.213.210 (gs15640.sp.cs.cmu.edu): 1 time
 
 
 Received disconnect:
    11: Bye Bye : 69 Time(s)
    11: disconnected by user : 32 Time(s)
 
 SFTP subsystem requests: 6 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.93.248.31  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.164.222.144  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 63-116-102-46.hostmag.ro [46.102.116.63] failed - POSSIBLE BREAK-IN ATTEMPT! : 7 time(s)
 reverse mapping checking getaddrinfo for cloudzilla.gigabitethernet4-1.core2.fmt1.he.net [64.71.162.34] failed - POSSIBLE BREAK-IN ATTEMPT! : 16 time(s)
 reverse mapping checking getaddrinfo for 144.222.164.222.starhub.net.sg [222.164.222.144] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.250.243.182  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.146.242.92  user=root : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gs15640.sp.cs.cmu.edu  user=weiyu : 1 time(s)
 reverse mapping checking getaddrinfo for 232.214.185.60.broad.zs.zj.dynamic.163data.com.cn [60.185.214.232] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-73-231-126-185.hsd1.ca.comcast.net  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.185.214.232  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.220.99.51  user=root : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=igor-ubuntu.wv.cc.cmu.edu  user=igitman : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.19.145.223  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.151.232  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-50-185-237-194.hsd1.ca.comcast.net  : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 10 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Installed:
    moreutils-0.40-1.el6.x86_64
    perl-Time-Duration-1.06-4.puias6.noarch
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.2G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

