Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Sun Jan 29 03:46:15 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Sun Jan 29 03:46:15 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-28 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Sat Jan 28 03:52:42 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    nonblock_connect: connect timing out (30 secs)
    Can't connect to port 80 of host db.local.clamav.net (IP: 209.198.147.20)
    Downloading daily-22953.cdiff [100%]
    Downloading daily-22954.cdiff [100%]
    Downloading daily-22955.cdiff [100%]
    Downloading daily-22956.cdiff [100%]
    Downloading daily-22957.cdiff [100%]
    Downloading daily-22958.cdiff [100%]
    daily.cld updated (version: 22958, sigs: 1477638, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5696483 signatures) from db.local.clamav.net (IP: 104.131.196.175)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (139.217.20.93): 10 Time(s)
       root (2.177.230.183): 4 Time(s)
       root (139.217.20.93): 3 Time(s)
       root (89.248.168.156): 3 Time(s)
       igitman (pool-74-111-100-11.pitbpa.fios.verizon.net): 2 Time(s)
       root (116.227.204.207.client.static.strong20.as22781.net): 2 Time(s)
       unknown (89.248.168.156): 2 Time(s)
       root (112.11.77.234): 1 Time(s)
       root (112.99.6.243): 1 Time(s)
       root (113.122.34.151): 1 Time(s)
       root (113.124.138.2): 1 Time(s)
       root (115.23.122.9): 1 Time(s)
       root (122.190.255.153): 1 Time(s)
       root (122.191.117.219): 1 Time(s)
       root (123.96.202.208): 1 Time(s)
       root (125.124.47.166): 1 Time(s)
       root (14.110.211.27): 1 Time(s)
       root (152.204.16.107): 1 Time(s)
       root (152.204.29.216): 1 Time(s)
       root (171.212.140.139): 1 Time(s)
       root (186.133.183.223): 1 Time(s)
       root (187.85.229.60): 1 Time(s)
       root (221.164.114.224): 1 Time(s)
       root (49.74.101.201): 1 Time(s)
       root (dsl-122-226.vernon.mwt.net): 1 Time(s)
       root (mobile-166-130-132-74.mycingular.net): 1 Time(s)
       root (pompeii.mit.edu): 1 Time(s)
       unknown (115.209.237.98): 1 Time(s)
       unknown (122.166.5.145): 1 Time(s)
       unknown (182.245.253.8): 1 Time(s)
       unknown (187.85.229.60): 1 Time(s)
       unknown (2.177.230.183): 1 Time(s)
       unknown (88.250.206.118): 1 Time(s)
       unknown (p54b243f4.dip0.t-ipconnect.de): 1 Time(s)
    Invalid Users:
       Unknown Account: 49 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   31.167K  Bytes accepted                            31,915
   31.167K  Bytes delivered                           31,915
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 5 Time(s)
    root : 26 Time(s)
    ubnt : 1 Time(s)
 
 Failed logins from:
    2.177.230.183: 24 times
    14.110.211.27: 6 times
    18.126.0.25 (pompeii.mit.edu): 6 times
    49.74.101.201: 6 times
    89.248.168.156 (no-reverse-dns-configured.com): 3 times
    112.11.77.234: 6 times
    112.99.6.243: 6 times
    113.122.34.151: 6 times
    113.124.138.2: 6 times
    115.23.122.9: 6 times
    122.190.255.153: 6 times
    122.191.117.219: 6 times
    123.96.202.208: 6 times
    125.124.47.166: 6 times
    139.217.20.93: 3 times
    152.204.16.107: 6 times
    152.204.29.216: 6 times
    166.130.132.74 (mobile-166-130-132-74.mycingular.net): 6 times
    171.212.140.139: 6 times
    186.133.183.223 (186-133-183-223.speedy.com.ar): 6 times
    187.85.229.60 (187-85-229-60.user.superitelecom.com.br): 6 times
    207.190.122.226 (dsl-122-226.vernon.mwt.net): 6 times
    207.204.227.116 (116.227.204.207.client.static.strong20.as22781.net): 12 times
    221.164.114.224: 6 times
 
 Illegal users from:
    2.177.230.183: 6 times
    84.178.67.244 (p54B243F4.dip0.t-ipconnect.de): 6 times
    88.250.206.118 (88.250.206.118.dynamic.ttnet.com.tr): 1 time
    89.248.168.156 (no-reverse-dns-configured.com): 2 times
    115.209.237.98: 6 times
    122.166.5.145 (abts-kk-static-145.5.166.122.airtelbroadband.in): 6 times
    139.217.20.93: 10 times
    182.245.253.8: 6 times
    187.85.229.60 (187-85-229-60.user.superitelecom.com.br): 6 times
 
 Users logging in through sshd:
    benediktb:
       74.98.221.134 (pool-74-98-221-134.pitbpa.fios.verizon.net): 1 time
    igitman:
       74.111.100.11 (pool-74-111-100-11.pitbpa.fios.verizon.net): 2 times
    joliva:
       73.236.120.122 (c-73-236-120-122.hsd1.wv.comcast.net): 1 time
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 2 times
    yifeim:
       71.61.58.134 (c-71-61-58-134.hsd1.pa.comcast.net): 6 times
 
 
 Received disconnect:
    11: Bye Bye : 18 Time(s)
    11: disconnected by user : 6 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 2 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.96.202.208  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.177.230.183  : 1 time(s)
 Protocol major versions differ for 47.90.201.201: SSH-2.0-OpenSSH_5.3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.124.138.2  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.190.255.153  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.99.6.243  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.122.34.151  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.74.101.201  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.124.47.166  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=pompeii.mit.edu  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.204.29.216  user=root : 1 time(s)
 Address 89.248.168.156 maps to no-reverse-dns-configured.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.23.122.9  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.245.253.8  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.166.5.145  : 1 time(s)
 reverse mapping checking getaddrinfo for 186-133-183-223.speedy.com.ar [186.133.183.223] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=171.212.140.139  user=root : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 32 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=152.204.16.107  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 187-85-229-60.user.superitelecom.com.br [187.85.229.60] failed - POSSIBLE BREAK-IN ATTEMPT! : 2 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=186.133.183.223  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 88.250.206.118.dynamic.ttnet.com.tr [88.250.206.118] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for abts-kk-static-145.5.166.122.airtelbroadband.in [122.166.5.145] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=mobile-166-130-132-74.mycingular.net  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=p54b243f4.dip0.t-ipconnect.de  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.191.117.219  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=2.177.230.183  user=root : 4 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=14.110.211.27  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.11.77.234  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.85.229.60  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.227.204.207.client.static.strong20.as22781.net  user=root : 2 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=187.85.229.60  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.209.237.98  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=dsl-122-226.vernon.mwt.net  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.164.114.224  user=root : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.1G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

