Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Fri Jan 27 03:24:13 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Fri Jan 27 03:24:13 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-26 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Thu Jan 26 04:47:07 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 172.110.204.67)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 64.6.100.177)
    Trying host db.local.clamav.net (150.214.142.197)...
    Downloading daily-22946.cdiff [100%]
    Downloading daily-22947.cdiff [100%]
    Downloading daily-22948.cdiff [100%]
    daily.cld updated (version: 22948, sigs: 1449757, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 289, sigs: 57, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5668604 signatures) from db.local.clamav.net (IP: 150.214.142.197)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 gnome-screensaver:
    Authentication Failures:
       predrag(1009,1009) on display :0.0: 2 Time(s)
 
 sshd:
    Authentication Failures:
       unknown (51.15.63.234): 24 Time(s)
       root (51.15.63.234): 20 Time(s)
       unknown (pgh-nvs-15.iso.cmu.edu): 20 Time(s)
       unknown (104.219.168.103): 10 Time(s)
       unknown (163.172.112.59): 10 Time(s)
       root (pgh-nvs-15.iso.cmu.edu): 9 Time(s)
       root (host204-40-dynamic.30-79-r.retail.telecomitalia.it): 4 Time(s)
       root (163.172.112.59): 3 Time(s)
       ashishb (c-73-236-12-214.hsd1.pa.comcast.net): 2 Time(s)
       jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 2 Time(s)
       jayanthkoushik (pool-74-109-254-57.pitbpa.fios.verizon.net): 2 Time(s)
       root (13.94.128.180): 2 Time(s)
       root (59.97.237.165): 2 Time(s)
       yjchoe (haytham.psy.cmu.edu): 2 Time(s)
       ashishb (ashishbajaj.wv.cc.cmu.edu): 1 Time(s)
       postgres (104.219.168.103): 1 Time(s)
       root (104.219.168.103): 1 Time(s)
       root (110.250.152.123): 1 Time(s)
       root (116.54.200.100): 1 Time(s)
       root (121.228.50.17): 1 Time(s)
       root (182.33.80.236): 1 Time(s)
       root (218.87.1.93): 1 Time(s)
       root (220.123.184.116): 1 Time(s)
       root (41.158.211.4): 1 Time(s)
       root (47.208.236.30): 1 Time(s)
       root (77.87.115.67): 1 Time(s)
       root (87.71.17.213): 1 Time(s)
       root (cpe-76-180-25-190.buffalo.res.rr.com): 1 Time(s)
       root (easyweb.link): 1 Time(s)
       unknown (115.196.197.77): 1 Time(s)
       unknown (119.182.142.1): 1 Time(s)
       unknown (124.82.204.81): 1 Time(s)
       unknown (190.13.23.250): 1 Time(s)
       unknown (41.97.82.25): 1 Time(s)
       unknown (78.188.58.4): 1 Time(s)
       unknown (c-76-27-36-144.hsd1.ut.comcast.net): 1 Time(s)
       yjchoe (c-24-131-226-168.hsd1.pa.comcast.net): 1 Time(s)
    Invalid Users:
       Unknown Account: 106 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   26.786K  Bytes accepted                            27,429
   26.786K  Bytes delivered                           27,429
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- Connections (secure-log) Begin ------------------------ 

 
 **Unmatched Entries**
    gnome-screensaver-dialog: gkr-pam: unlocked 'login' keyring: 2 Time(s)
 
 ---------------------- Connections (secure-log) End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 5 Time(s)
    ckaffine : 1 Time(s)
    root : 17 Time(s)
    support : 2 Time(s)
 
 Failed logins from:
    13.94.128.180: 2 times
    41.158.211.4: 6 times
    47.208.236.30: 6 times
    51.15.63.234 (234-63-15-51.rev.cloud.scaleway.com): 20 times
    59.97.237.165: 12 times
    76.180.25.190 (cpe-76-180-25-190.buffalo.res.rr.com): 6 times
    77.87.115.67: 6 times
    79.30.40.204 (host204-40-dynamic.30-79-r.retail.telecomitalia.it): 24 times
    87.71.17.213: 6 times
    104.219.168.103 (snathe.bavehe.review): 2 times
    110.250.152.123: 6 times
    116.54.200.100 (100.200.54.116.broad.km.yn.dynamic.163data.com.cn): 6 times
    121.228.50.17 (17.50.228.121.broad.sz.js.dynamic.163data.com.cn): 6 times
    128.2.13.85 (PGH-NVS-15.ISO.CMU.EDU): 9 times
    163.172.112.59 (163-172-112-59.rev.poneytelecom.eu): 3 times
    178.20.157.206 (easyweb.link): 1 time
    182.33.80.236: 6 times
    218.87.1.93: 6 times
    220.123.184.116: 6 times
 
 Illegal users from:
    41.97.82.25: 6 times
    51.15.63.234 (234-63-15-51.rev.cloud.scaleway.com): 24 times
    76.27.36.144 (c-76-27-36-144.hsd1.ut.comcast.net): 6 times
    78.188.58.4 (78.188.58.4.dynamic.ttnet.com.tr): 6 times
    104.219.168.103 (snathe.bavehe.review): 10 times
    115.196.197.77: 6 times
    119.182.142.1: 6 times
    124.82.204.81: 6 times
    128.2.13.85 (PGH-NVS-15.ISO.CMU.EDU): 20 times
    163.172.112.59 (163-172-112-59.rev.poneytelecom.eu): 10 times
    190.13.23.250 (190-13-23-250.telebucaramanga.net.co): 6 times
 
 Users logging in through sshd:
    ashishb:
       73.236.12.214 (c-73-236-12-214.hsd1.pa.comcast.net): 2 times
       128.237.174.37: 1 time
    backup:
       128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
    benediktb:
       128.237.177.203: 6 times
    ckaffine:
       98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 21 times
       128.237.208.48 (android-ecf08ce6f263f473.wv.cc.cmu.edu): 1 time
    jayanthkoushik:
       74.109.254.57 (pool-74-109-254-57.pitbpa.fios.verizon.net): 2 times
       128.237.210.191 (Jayanths-MBP-2.wv.cc.cmu.edu): 2 times
    joliva:
       67.186.34.202 (c-67-186-34-202.hsd1.pa.comcast.net): 4 times
       73.236.120.122 (c-73-236-120-122.hsd1.wv.comcast.net): 1 time
    mbarnes1:
       73.79.83.141 (c-73-79-83-141.hsd1.pa.comcast.net): 1 time
       128.237.136.207: 1 time
    ngisolfi:
       128.2.178.134 (gs15623.sp.cs.cmu.edu): 1 time
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 1 time
    yifeim:
       71.61.58.134 (c-71-61-58-134.hsd1.pa.comcast.net): 25 times
    yjchoe:
       128.2.69.123 (HAYTHAM.PSY.CMU.EDU): 2 times
       24.131.226.168 (c-24-131-226-168.hsd1.pa.comcast.net): 1 time
 
 
 Received disconnect:
    11: Bye Bye : 57 Time(s)
    11: disconnected by user : 59 Time(s)
    3: com.jcraft.jsch.JSchException: Auth fail : 44 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 1 Time(s)
 
 SFTP subsystem requests: 1 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.87.115.67  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.33.80.236  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=78.188.58.4  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.13.23.250  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=110.250.152.123  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.54.200.100  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=47.208.236.30  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.87.1.93  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.97.237.165  user=root : 2 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.182.142.1  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.71.17.213  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.97.82.25  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=121.228.50.17  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 190-13-23-250.telebucaramanga.net.co [190.13.23.250] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.158.211.4  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 163-172-112-59.rev.poneytelecom.eu [163.172.112.59] failed - POSSIBLE BREAK-IN ATTEMPT! : 13 time(s)
 reverse mapping checking getaddrinfo for 100.200.54.116.broad.km.yn.dynamic.163data.com.cn [116.54.200.100] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host204-40-dynamic.30-79-r.retail.telecomitalia.it  user=root : 4 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.196.197.77  : 1 time(s)
 Protocol major versions differ for 47.89.184.130: SSH-2.0-OpenSSH_5.3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
 reverse mapping checking getaddrinfo for 78.188.58.4.dynamic.ttnet.com.tr [78.188.58.4] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=124.82.204.81  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=c-76-27-36-144.hsd1.ut.comcast.net  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.123.184.116  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for snathe.bavehe.review [104.219.168.103] failed - POSSIBLE BREAK-IN ATTEMPT! : 12 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=cpe-76-180-25-190.buffalo.res.rr.com  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 17.50.228.121.broad.sz.js.dynamic.163data.com.cn [121.228.50.17] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 234-63-15-51.rev.cloud.scaleway.com [51.15.63.234] failed - POSSIBLE BREAK-IN ATTEMPT! : 44 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 24 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Sudo (secure-log) Begin ------------------------ 

 
 ==============================================================================
 
 backup => root
 --------------
 /usr/bin/rsync - 1 Times.
 
 ---------------------- Sudo (secure-log) End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.3G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

