Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Thu Jan 26 03:48:12 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Thu Jan 26 03:48:12 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-25 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Wed Jan 25 03:22:15 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-22941.cdiff [100%]
    Downloading daily-22942.cdiff [100%]
    Downloading daily-22943.cdiff [100%]
    Downloading daily-22944.cdiff [100%]
    Downloading daily-22945.cdiff [100%]
    daily.cld updated (version: 22945, sigs: 1444236, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 289, sigs: 57, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5663083 signatures) from db.local.clamav.net (IP: 155.98.64.87)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (101.200.82.118): 26 Time(s)
       root (198.11.180.193): 24 Time(s)
       root (101.200.82.118): 13 Time(s)
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 6 Time(s)
       weiyu (gs15640.sp.cs.cmu.edu): 5 Time(s)
       elei (gs14440.sp.cs.cmu.edu.wv.cc.cmu.edu): 4 Time(s)
       postgres (101.200.82.118): 3 Time(s)
       suppe (101.127.74.6): 3 Time(s)
       elei (c-71-206-238-214.hsd1.pa.comcast.net): 1 Time(s)
       predrag (areas.auton.cs.cmu.edu): 1 Time(s)
       root (105.101.162.17): 1 Time(s)
       root (116.70.2.97): 1 Time(s)
       root (117.223.204.222): 1 Time(s)
       root (122.191.117.200): 1 Time(s)
       root (125.107.236.228): 1 Time(s)
       root (14.114.84.225): 1 Time(s)
       root (151.48.92.93): 1 Time(s)
       root (165.255.4.42): 1 Time(s)
       root (176.125.104.88): 1 Time(s)
       root (187-163-167-84.static.axtel.net): 1 Time(s)
       root (189.98.227.19): 1 Time(s)
       root (190.232.124.217): 1 Time(s)
       root (194.44.182.30): 1 Time(s)
       root (202.57.162.131): 1 Time(s)
       root (213.155.226.17): 1 Time(s)
       root (24-177-247-33.dhcp.nwtn.ct.charter.com): 1 Time(s)
       root (27.194.170.21): 1 Time(s)
       root (27.218.112.173): 1 Time(s)
       root (41.211.9.138): 1 Time(s)
       root (58.19.144.58): 1 Time(s)
       root (89.41.225.154): 1 Time(s)
       tomcat (101.200.82.118): 1 Time(s)
       unknown (111-250-22-165.dynamic.hinet.net): 1 Time(s)
       unknown (116.16.11.152): 1 Time(s)
       unknown (147.30.50.12): 1 Time(s)
       unknown (168.228.148.48): 1 Time(s)
       unknown (175.171.71.39): 1 Time(s)
       unknown (191.85.176.215): 1 Time(s)
       unknown (218.2.108.2): 1 Time(s)
       unknown (60.185.182.242): 1 Time(s)
    Invalid Users:
       Unknown Account: 74 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   28.741K  Bytes accepted                            29,431
   28.741K  Bytes delivered                           29,431
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 6 Time(s)
    root : 17 Time(s)
    ubnt : 1 Time(s)
    user : 1 Time(s)
 
 Failed logins from:
    14.114.84.225: 6 times
    24.177.247.33 (24-177-247-33.dhcp.nwtn.ct.charter.com): 6 times
    27.194.170.21: 6 times
    27.218.112.173: 6 times
    41.211.9.138: 1 time
    58.19.144.58: 6 times
    89.41.225.154: 6 times
    101.127.74.6: 1 time
    101.200.82.118: 17 times
    105.101.162.17: 6 times
    116.70.2.97: 1 time
    117.223.204.222: 6 times
    122.191.117.200: 6 times
    125.107.236.228: 6 times
    128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    128.2.213.210 (gs15640.sp.cs.cmu.edu): 1 time
    151.48.92.93 (adsl-ull-93-92.48-151.wind.it): 6 times
    165.255.4.42 (165-255-4-42.ip.adsl.co.za): 6 times
    176.125.104.88: 6 times
    187.163.167.84 (187-163-167-84.static.axtel.net): 6 times
    189.98.227.19 (ip-189-98-227-19.user.vivozap.com.br): 1 time
    190.232.124.217: 6 times
    194.44.182.30: 6 times
    198.11.180.193: 24 times
    202.57.162.131 (idc1.clicknext.co.th): 2 times
    213.155.226.17 (pc226-17.opanet.cz): 6 times
 
 Illegal users from:
    60.185.182.242 (242.182.185.60.broad.zs.zj.dynamic.163data.com.cn): 6 times
    101.200.82.118: 26 times
    111.250.22.165 (111-250-22-165.dynamic.hinet.net): 6 times
    116.16.11.152: 6 times
    147.30.50.12: 6 times
    168.228.148.48: 6 times
    175.171.71.39: 6 times
    191.85.176.215: 6 times
    218.2.108.2: 6 times
 
 Users logging in through sshd:
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       74.98.221.134 (pool-74-98-221-134.pitbpa.fios.verizon.net): 1 time
    ckaffine:
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 1 time
    elei:
       128.237.214.137 (GS14440.SP.CS.CMU.EDU.wv.cc.cmu.edu): 7 times
       71.206.238.214 (c-71-206-238-214.hsd1.pa.comcast.net): 1 time
       128.237.197.91: 1 time
    jayanthkoushik:
       128.237.184.43 (Jayanths-MBP-2.wv.cc.cmu.edu): 6 times
    predrag:
       128.2.204.201 (areas.auton.cs.cmu.edu): 6 times
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 4 times
    sibiv:
       128.2.178.16 (gs14416.sp.cs.cmu.edu): 2 times
    suppe:
       101.127.74.6: 3 times
    weiyu:
       128.2.213.210 (gs15640.sp.cs.cmu.edu): 5 times
    yifeim:
       71.61.58.134 (c-71-61-58-134.hsd1.pa.comcast.net): 4 times
 
 
 Received disconnect:
    11:  : 2 Time(s)
    11: Bye Bye : 67 Time(s)
    11: disconnected by user : 31 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 3 Time(s)
 
 SFTP subsystem requests: 12 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=187-163-167-84.static.axtel.net  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 165-255-4-42.ip.adsl.co.za [165.255.4.42] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.57.162.131  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.44.182.30  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=24-177-247-33.dhcp.nwtn.ct.charter.com  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=105.101.162.17  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=175.171.71.39  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.41.225.154  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.194.170.21  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.228.148.48  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.16.11.152  : 1 time(s)
 reverse mapping checking getaddrinfo for adsl-ull-93-92.48-151.wind.it [151.48.92.93] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=151.48.92.93  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=176.125.104.88  user=root : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 25 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.2.108.2  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.232.124.217  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.218.112.173  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.185.182.242  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.191.117.200  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.107.236.228  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.114.84.225  user=root : 1 time(s)
 PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.127.74.6  user=suppe : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=147.30.50.12  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=111-250-22-165.dynamic.hinet.net  : 1 time(s)
 reverse mapping checking getaddrinfo for ip-189-98-227-19.user.vivozap.com.br [189.98.227.19] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.255.4.42  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.155.226.17  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.19.144.58  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.223.204.222  user=root : 1 time(s)
 Address 202.57.162.131 maps to idc1.clicknext.co.th, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 242.182.185.60.broad.zs.zj.dynamic.163data.com.cn [60.185.182.242] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.85.176.215  : 1 time(s)
 reverse mapping checking getaddrinfo for pc226-17.opanet.cz [213.155.226.17] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Updated:
    1:java-1.8.0-openjdk-headless-1.8.0.121-0.b13.el6_8.x86_64
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.3G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

