Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Sat Jan 28 03:40:14 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Sat Jan 28 03:40:14 2017
Date Range Processed: yesterday
( 2017-Jan-27 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Fri Jan 27 04:27:05 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22949.cdiff [100%]
Downloading daily-22950.cdiff [100%]
Downloading daily-22951.cdiff [100%]
Downloading daily-22952.cdiff [100%]
daily.cld updated (version: 22952, sigs: 1468608, f-level: 63, builder: neo)
Downloading bytecode-290.cdiff [100%]
[LibClamAV] Bytecode: disabling JIT because SELinux is preventing 'execmem' access.
Run 'setsebool -P clamd_use_jit on'.
ERROR: During database load : LibClamAV Warning: RWX mapping denied: Can't allocate RWX Memory: Permission denied
WARNING: Database successfully loaded, but there is stderr output
bytecode.cld updated (version: 290, sigs: 55, f-level: 63, builder: neo)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5687453 signatures) from db.local.clamav.net (IP: 69.163.100.14)
---------------------- clam-update End -------------------------
--------------------- Kernel Begin ------------------------
WARNING: Segmentation Faults in these executables
chrome : 3 Time(s)
---------------------- Kernel End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
unknown (180.76.172.195): 133 Time(s)
root (180.76.172.195): 36 Time(s)
unknown (113.23.25.127): 7 Time(s)
unknown (45.42.80.14): 5 Time(s)
root (178.254.173.29): 4 Time(s)
mysql (180.76.172.195): 3 Time(s)
postgres (180.76.172.195): 3 Time(s)
root (45.42.80.14): 3 Time(s)
tomcat (180.76.172.195): 3 Time(s)
jayanthkoushik (jayanths-mbp-2.wv.cc.cmu.edu): 2 Time(s)
root (179.88.132.2): 2 Time(s)
root (59.94.11.81): 2 Time(s)
apache (180.76.172.195): 1 Time(s)
bin (180.76.172.195): 1 Time(s)
igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 1 Time(s)
root (059148121141.ctinets.com): 1 Time(s)
root (109.203.187.68): 1 Time(s)
root (109.203.187.72): 1 Time(s)
root (119.183.147.0): 1 Time(s)
root (122.163.55.89): 1 Time(s)
root (122.174.158.177): 1 Time(s)
root (122.191.219.57): 1 Time(s)
root (122.232.21.177): 1 Time(s)
root (123.132.4.110): 1 Time(s)
root (123.155.113.122): 1 Time(s)
root (140.255.105.106): 1 Time(s)
root (178.214.162.173): 1 Time(s)
root (187.85.230.181): 1 Time(s)
root (191.82.161.77): 1 Time(s)
root (194.219.40.170.dsl.dyn.forthnet.gr): 1 Time(s)
root (210.225.204.207.client.static.strong19.as22781.net): 1 Time(s)
root (213.5.29.86): 1 Time(s)
root (223.244.14.107): 1 Time(s)
root (77.23.187.76): 1 Time(s)
root (host154-52-dynamic.32-79-r.retail.telecomitalia.it): 1 Time(s)
root (khp059137184226.ppp-bb.dion.ne.jp): 1 Time(s)
unknown (103.63.14.119): 1 Time(s)
unknown (123.233.232.128): 1 Time(s)
unknown (178.254.173.29): 1 Time(s)
unknown (190.239.43.107): 1 Time(s)
unknown (200.82.226.255): 1 Time(s)
unknown (46.48.187.105): 1 Time(s)
unknown (60.189.16.99): 1 Time(s)
unknown (85.154.178.168): 1 Time(s)
unknown (a85-15-96-25.pppoe.vtelecom.ru): 1 Time(s)
unknown (host86-168-81-43.range86-168.btcentralplus.com): 1 Time(s)
yjchoe (yjs-macbook-pro.wv.cc.cmu.edu): 1 Time(s)
Invalid Users:
Unknown Account: 200 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
27.241K Bytes accepted 27,895
27.241K Bytes delivered 27,895
======== ================================================
2 Accepted 100.00%
-------- ------------------------------------------------
2 Total 100.00%
======== ================================================
2 Removed from queue
1 Sent via SMTP
1 Forwarded
1 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
admin : 9 Time(s)
root : 26 Time(s)
Failed logins from:
45.42.80.14: 3 times
59.94.11.81: 12 times
59.137.184.226 (KHP059137184226.ppp-bb.dion.ne.jp): 2 times
59.148.121.141 (059148121141.ctinets.com): 6 times
77.23.187.76 (ip4d17bb4c.dynamic.kabel-deutschland.de): 6 times
79.32.52.154 (host154-52-dynamic.32-79-r.retail.telecomitalia.it): 6 times
109.203.187.68: 6 times
109.203.187.72: 6 times
119.183.147.0: 6 times
122.163.55.89 (abts-north-dynamic-089.55.163.122.airtelbroadband.in): 6 times
122.174.158.177 (abts-tn-dynamic-177.158.174.122.airtelbroadband.in): 6 times
122.191.219.57: 6 times
122.232.21.177: 6 times
123.132.4.110: 6 times
123.155.113.122: 6 times
140.255.105.106: 6 times
178.214.162.173 (pool.luga.net.ua): 6 times
178.254.173.29 (free-173-29.mediaworksit.net): 24 times
179.88.132.2 (179-88-132-2.user.vivozap.com.br): 2 times
180.76.172.195: 47 times
187.85.230.181 (187-85-230-181.user.superitelecom.com.br): 6 times
191.82.161.77 (191-82-161-77.speedy.com.ar): 6 times
194.219.40.170 (194.219.40.170.dsl.dyn.forthnet.gr): 6 times
207.204.225.210 (210.225.204.207.client.static.strong19.as22781.net): 6 times
213.5.29.86: 6 times
223.244.14.107: 6 times
Illegal users from:
45.42.80.14: 5 times
46.48.187.105: 6 times
60.189.16.99 (99.16.189.60.broad.tz.zj.dynamic.163data.com.cn): 6 times
85.15.96.25 (a85-15-96-25.pppoe.vtelecom.ru): 6 times
85.154.178.168: 6 times
86.168.81.43 (host86-168-81-43.range86-168.btcentralplus.com): 1 time
103.63.14.119: 6 times
113.23.25.127: 7 times
123.233.232.128: 6 times
178.254.173.29 (free-173-29.mediaworksit.net): 6 times
180.76.172.195: 133 times
190.239.43.107: 6 times
200.82.226.255: 6 times
Users logging in through sshd:
backup:
128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
benediktb:
128.237.130.56 (MacBook-Pro-10.wv.cc.cmu.edu): 2 times
ckaffine:
98.239.129.163 (c-98-239-129-163.hsd1.pa.comcast.net): 10 times
128.237.207.128: 2 times
igitman:
74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 1 time
jayanthkoushik:
128.237.192.46: 2 times
joliva:
73.236.120.122 (c-73-236-120-122.hsd1.wv.comcast.net): 3 times
mbarnes1:
128.237.180.26: 1 time
128.237.190.39: 1 time
predrag:
128.2.176.86 (lama.auton.cs.cmu.edu): 2 times
yjchoe:
128.237.132.88: 1 time
Received disconnect:
11: Bye Bye : 188 Time(s)
11: disconnected by user : 23 Time(s)
SFTP subsystem requests: 2 Time(s)
**Unmatched Entries**
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.163.55.89 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.239.43.107 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.63.14.119 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=host154-52-dynamic.32-79-r.retail.telecomitalia.it user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.82.161.77 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=059148121141.ctinets.com user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.233.232.128 : 1 time(s)
reverse mapping checking getaddrinfo for pool.luga.net.ua [178.214.162.173] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.82.226.255 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.191.219.57 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.183.147.0 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.255.105.106 user=root : 1 time(s)
reverse mapping checking getaddrinfo for 99.16.189.60.broad.tz.zj.dynamic.163data.com.cn [60.189.16.99] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
reverse mapping checking getaddrinfo for 179-88-132-2.user.vivozap.com.br [179.88.132.2] failed - POSSIBLE BREAK-IN ATTEMPT! : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.254.173.29 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.5.29.86 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.203.187.72 user=root : 1 time(s)
reverse mapping checking getaddrinfo for free-173-29.mediaworksit.net [178.254.173.29] failed - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.174.158.177 user=root : 1 time(s)
reverse mapping checking getaddrinfo for abts-tn-dynamic-177.158.174.122.airtelbroadband.in [122.174.158.177] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 35 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=77.23.187.76 user=root : 1 time(s)
reverse mapping checking getaddrinfo for abts-north-dynamic-089.55.163.122.airtelbroadband.in [122.163.55.89] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=59.94.11.81 user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.155.113.122 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.203.187.68 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.254.173.29 user=root : 4 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.189.16.99 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=210.225.204.207.client.static.strong19.as22781.net user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.214.162.173 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.232.21.177 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=46.48.187.105 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=a85-15-96-25.pppoe.vtelecom.ru : 1 time(s)
reverse mapping checking getaddrinfo for 187-85-230-181.user.superitelecom.com.br [187.85.230.181] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.154.178.168 : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=khp059137184226.ppp-bb.dion.ne.jp user=root : 1 time(s)
reverse mapping checking getaddrinfo for 191-82-161-77.speedy.com.ar [191.82.161.77] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.85.230.181 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=194.219.40.170.dsl.dyn.forthnet.gr user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.132.4.110 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=223.244.14.107 user=root : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
backup => root
--------------
/usr/bin/rsync - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- yum Begin ------------------------
Packages Updated:
globus-gsi-callback-5.13-1.el6.x86_64
globus-gss-assist-10.21-1.el6.x86_64
globus-gsi-cert-utils-9.16-1.el6.x86_64
globus-common-16.9-1.el6.x86_64
firefox-45.7.0-1.el6_8.x86_64
google-chrome-stable-56.0.2924.76-1.x86_64
globus-gsi-openssl-error-3.8-1.el6.x86_64
---------------------- yum End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.1G 81% /
/dev/sda1 477M 208M 244M 47% /boot
/dev/mapper/vg_loom-lv_home
178G 50G 119G 30% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################