Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Wed Jan 25 03:11:17 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Wed Jan 25 03:11:17 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-24 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Tue Jan 24 03:54:28 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 207.57.106.31)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 128.199.133.36)
    Trying host db.local.clamav.net (64.22.33.90)...
    Downloading daily-22935.cdiff [100%]
    Downloading daily-22936.cdiff [100%]
    Downloading daily-22937.cdiff [100%]
    Downloading daily-22938.cdiff [100%]
    Downloading daily-22939.cdiff [100%]
    Downloading daily-22940.cdiff [100%]
    daily.cld updated (version: 22940, sigs: 1431690, f-level: 63, builder: neo)
    Downloading bytecode-289.cdiff [100%]
    [LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.
    Run  'setsebool -P clamd_use_jit on'.
    ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied
    WARNING: Database successfully loaded, but there is stderr output
    bytecode.cld updated (version: 289, sigs: 57, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5650537 signatures) from db.local.clamav.net (IP: 64.22.33.90)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 10 Time(s)
       jayanthkoushik (pool-74-109-254-57.pitbpa.fios.verizon.net): 6 Time(s)
       igitman (igor-ubuntu.wv.cc.cmu.edu): 4 Time(s)
       jayanthkoushik (172.25.7.55): 4 Time(s)
       rrabbany (128.237.197.194): 3 Time(s)
       kburleigh (macbook-pro-6.dhcp.lbnl.us): 2 Time(s)
       igitman (128.237.180.250): 1 Time(s)
       igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 1 Time(s)
       root (101.64.217.126): 1 Time(s)
       root (103.66.162.146): 1 Time(s)
       root (115.209.36.115): 1 Time(s)
       root (121.227.24.87): 1 Time(s)
       root (122.241.142.34): 1 Time(s)
       root (125.124.33.28): 1 Time(s)
       root (168.195.1.87): 1 Time(s)
       root (177.126.232.42): 1 Time(s)
       root (177.129.243.214): 1 Time(s)
       root (182.243.120.114): 1 Time(s)
       root (182.74.239.174): 1 Time(s)
       root (182.77.123.63): 1 Time(s)
       root (187-40-47-23.user.veloxzone.com.br): 1 Time(s)
       root (191.253.5.59): 1 Time(s)
       root (27-32-136-203.static.tpgi.com.au): 1 Time(s)
       root (27.2.170.218): 1 Time(s)
       root (27.54.179.35): 1 Time(s)
       root (39.190.118.133): 1 Time(s)
       root (82.178.234.91): 1 Time(s)
       root (87-121-65-71.telecablenet.com): 1 Time(s)
       root (95.6.68.195): 1 Time(s)
       root (the2265079.lnk.telstra.net): 1 Time(s)
       unknown (109.203.187.68): 1 Time(s)
       unknown (177.126.131.234): 1 Time(s)
       unknown (183.249.42.1): 1 Time(s)
       unknown (185.153.17.214): 1 Time(s)
       unknown (212.55.94.51): 1 Time(s)
    Invalid Users:
       Unknown Account: 30 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   21.239K  Bytes accepted                            21,749
   21.239K  Bytes delivered                           21,749
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 4 Time(s)
    biz : 1 Time(s)
    root : 20 Time(s)
 
 Failed logins from:
    27.2.170.218: 6 times
    27.32.136.203 (27-32-136-203.static.tpgi.com.au): 6 times
    27.54.179.35 (undefined.hostname.localhost): 6 times
    39.190.118.133: 6 times
    82.178.234.91: 6 times
    87.121.65.71 (87-121-65-71.telecablenet.com): 6 times
    95.6.68.195 (95.6.68.195.static.ttnet.com.tr): 6 times
    101.64.217.126: 6 times
    103.66.162.146: 6 times
    115.209.36.115: 6 times
    120.151.85.71 (the2265079.lnk.telstra.net): 6 times
    121.227.24.87 (87.24.227.121.broad.sz.js.dynamic.163data.com.cn): 6 times
    122.241.142.34: 6 times
    125.124.33.28: 6 times
    128.237.180.250: 1 time
    168.195.1.87: 1 time
    177.126.232.42 (177-126-232-42.city10.com.br): 6 times
    177.129.243.214 (dynamic-243-214.infopardall.com.br): 6 times
    182.74.239.174: 6 times
    182.77.123.63 (abts-mum-dynamic-63.123.77.182.airtelbroadband.in): 6 times
    182.243.120.114: 1 time
    187.40.47.23 (187-40-47-23.user.veloxzone.com.br): 6 times
    191.253.5.59 (wlan-191-253-5-59.clickrede.com.br): 6 times
    198.128.196.35: 3 times
 
 Illegal users from:
    109.203.187.68: 6 times
    177.126.131.234: 6 times
    183.249.42.1: 6 times
    185.153.17.214: 6 times
    212.55.94.51 (212-55-94-51.dynamic-pool.mclaut.net): 6 times
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       128.237.200.211: 25 times
    ckaffine:
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 2 times
    igitman:
       128.237.180.250: 5 times
       74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 1 time
    jayanthkoushik:
       74.109.254.57 (pool-74-109-254-57.pitbpa.fios.verizon.net): 6 times
       128.237.192.221: 5 times
       128.237.206.22 (Jayanths-MBP-2.wv.cc.cmu.edu): 5 times
       128.2.204.201 (areas.auton.cs.cmu.edu): 4 times
       172.25.7.55: 4 times
    kburleigh:
       198.128.196.35: 1 time
    mbarnes1:
       128.237.207.184: 1 time
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 3 times
    rrabbany:
       128.237.197.194: 3 times
    yifeim:
       71.61.58.134 (c-71-61-58-134.hsd1.pa.comcast.net): 2 times
 
 
 Received disconnect:
    11: disconnected by user : 56 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 3 Time(s)
 
 SFTP subsystem requests: 2 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.209.36.115  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.2.170.218  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.77.123.63  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.232.42  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for wlan-191-253-5-59.clickrede.com.br [191.253.5.59] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=212.55.94.51  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27-32-136-203.static.tpgi.com.au  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=95.6.68.195  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for undefined.hostname.localhost [27.54.179.35] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.249.42.1  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=187-40-47-23.user.veloxzone.com.br  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 177-126-232-42.city10.com.br [177.126.232.42] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.64.217.126  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 95.6.68.195.static.ttnet.com.tr [95.6.68.195] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=39.190.118.133  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.66.162.146  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.253.5.59  user=root : 1 time(s)
 Address 128.237.180.250 maps to simonesesiphone.wv.cc.cmu.edu, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 212-55-94-51.dynamic-pool.mclaut.net [212.55.94.51] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 25 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.126.131.234  : 1 time(s)
 reverse mapping checking getaddrinfo for gs13068.sp.cs.cmu.edu.wv.cc.cmu.edu [128.237.207.184] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.241.142.34  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.227.24.87  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=82.178.234.91  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.54.179.35  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.124.33.28  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for deepkhoras.wv.cc.cmu.edu [128.237.197.194] failed - POSSIBLE BREAK-IN ATTEMPT! : 3 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.153.17.214  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=87-121-65-71.telecablenet.com  user=root : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=igor-ubuntu.wv.cc.cmu.edu  user=igitman : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=the2265079.lnk.telstra.net  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.129.243.214  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for dynamic-243-214.infopardall.com.br [177.129.243.214] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.203.187.68  : 1 time(s)
 reverse mapping checking getaddrinfo for abts-mum-dynamic-63.123.77.182.airtelbroadband.in [182.77.123.63] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=macbook-pro-6.dhcp.lbnl.us  user=kburleigh : 2 time(s)
 reverse mapping checking getaddrinfo for 87.24.227.121.broad.sz.js.dynamic.163data.com.cn [121.227.24.87] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.74.239.174  user=root : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.2G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 
