Logwatch for lake.auton.cs.cmu.edu (Linux)

punosevac72 at gmail.com
Mon Jan 30 04:43:16 EST 2017


 ################### Logwatch 7.3.6 (05/19/07) #################### 
        Processing Initiated: Mon Jan 30 04:43:16 2017
        Date Range Processed: yesterday
                              ( 2017-Jan-29 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: lake.auton.cs.cmu.edu
  ################################################################## 
 
 --------------------- clam-update Begin ------------------------ 

 Last ClamAV update process started at Sun Jan 29 03:50:06 2017
 
 Last Status:
    main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
    Downloading daily-22959.cdiff [100%]
    Downloading daily-22960.cdiff [100%]
    Downloading daily-22961.cdiff [100%]
    Downloading daily-22962.cdiff [100%]
    Downloading daily-22963.cdiff [100%]
    Downloading daily-22964.cdiff [100%]
    daily.cld updated (version: 22964, sigs: 1494463, f-level: 63, builder: neo)
    bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
    [LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
    Database updated (5713308 signatures) from db.local.clamav.net (IP: 194.186.47.19)
 
 ---------------------- clam-update End ------------------------- 

 
 --------------------- OpenVPN Begin ------------------------ 

 
 Ciphers used for Authentication:
    Data Channel:
       Decrypt:
          160 bit SHA1 used 24 Time(s)
       Encrypt:
          160 bit SHA1 used 24 Time(s)
 
 Ciphers used for Encryption:
    Data Channel:
       Decrypt:
          256 bit AES-256-CBC used 24 Time(s)
       Encrypt:
          256 bit AES-256-CBC used 24 Time(s)
 
 **Unmatched Entries**
    Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
    VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
    VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
 
 ---------------------- OpenVPN End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       pengrui (c-24-131-224-151.hsd1.pa.comcast.net): 4 Time(s)
       root (179.38.197.66): 3 Time(s)
       root (109.107.126.68): 1 Time(s)
       root (116.54.246.253): 1 Time(s)
       root (117.202.94.37): 1 Time(s)
       root (144.12.102.224): 1 Time(s)
       root (177.129.244.154): 1 Time(s)
       root (179.126.65.36): 1 Time(s)
       root (181.174.43.180): 1 Time(s)
       root (183.93.249.182): 1 Time(s)
       root (185.117.51.201): 1 Time(s)
       root (190.235.176.111): 1 Time(s)
       root (190.96.243.13): 1 Time(s)
       root (193-239-36-171.ksi-system.net): 1 Time(s)
       root (201.218.197.238): 1 Time(s)
       root (213.167.7.191): 1 Time(s)
       root (220.165.101.221): 1 Time(s)
       root (41.36.192.33): 1 Time(s)
       root (85.105.198.89): 1 Time(s)
       root (92.126.40.31): 1 Time(s)
       root (r74-193-28-225.nacdcmta01.ncgdtx.tl.dh.suddenlink.net): 1 Time(s)
       unknown (109.107.126.68): 1 Time(s)
       unknown (122.242.92.22): 1 Time(s)
       unknown (123.169.199.39): 1 Time(s)
       unknown (182.65.202.231): 1 Time(s)
       unknown (190.173.130.226): 1 Time(s)
       unknown (222.252.183.131): 1 Time(s)
       unknown (58.61.195.139): 1 Time(s)
       unknown (95-83-54-43.saransk.ru): 1 Time(s)
    Invalid Users:
       Unknown Account: 48 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- Postfix Begin ------------------------ 

   24.901K  Bytes accepted                            25,499
   24.901K  Bytes delivered                           25,499
 ========   ================================================
 
        2   Accepted                                 100.00%
 --------   ------------------------------------------------
        2   Total                                    100.00%
 ========   ================================================
 
        2   Removed from queue    
        1   Sent via SMTP         
        1   Forwarded             
 
        1   Connection failure (outbound) 
 
 
 
 ---------------------- Postfix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Disconnecting after too many authentication failures for user:
    admin : 7 Time(s)
    root : 21 Time(s)
    ubnt : 1 Time(s)
 
 Failed logins from:
    24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 1 time
    41.36.192.33 (host-41.36.192.33.tedata.net): 6 times
    74.193.28.225 (r74-193-28-225.nacdcmta01.ncgdtx.tl.dh.suddenlink.net): 6 times
    85.105.198.89 (85.105.198.89.static.ttnet.com.tr): 6 times
    92.126.40.31: 6 times
    109.107.126.68: 6 times
    116.54.246.253 (253.246.54.116.broad.km.yn.dynamic.163data.com.cn): 6 times
    117.202.94.37: 6 times
    144.12.102.224: 1 time
    177.129.244.154 (dynamic-244-154.infopardall.com.br): 6 times
    179.38.197.66 (179-38-197-66.speedy.com.ar): 18 times
    179.126.65.36 (179-126-065-36.xd-dynamic.algarnetsuper.com.br): 6 times
    181.174.43.180 (181-174-43-180.telebucaramanga.net.co): 6 times
    183.93.249.182: 6 times
    185.117.51.201: 6 times
    190.96.243.13 (190-96-243-13.telebucaramanga.net.co): 6 times
    190.235.176.111: 6 times
    193.239.36.171 (193-239-36-171.ksi-system.net): 6 times
    201.218.197.238: 6 times
    213.167.7.191 (7-191-asg.tvsat.co): 6 times
    220.165.101.221 (221.101.165.220.broad.sm.yn.dynamic.163data.com.cn): 6 times
 
 Illegal users from:
    58.61.195.139 (139.195.61.58.broad.sz.gd.dynamic.163data.com.cn): 6 times
    95.83.54.43 (95-83-54-43.saransk.ru): 6 times
    109.107.126.68: 6 times
    122.242.92.22: 6 times
    123.169.199.39: 6 times
    182.65.202.231 (abts-tn-dynamic-231.202.65.182.airtelbroadband.in): 6 times
    190.173.130.226 (190-173-130-226.speedy.com.ar): 6 times
    222.252.183.131 (localhost): 6 times
 
 Users logging in through sshd:
    awertz:
       71.236.125.63 (c-71-236-125-63.hsd1.pa.comcast.net): 1 time
    pengrui:
       24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 3 times
    predrag:
       24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 3 times
 
 
 Received disconnect:
    11: disconnected by user : 5 Time(s)
 
 Setting tty modes failed:
    Invalid argument : 3 Time(s)
 
 **Unmatched Entries**
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.218.197.238  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.107.126.68  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 181-174-43-180.telebucaramanga.net.co [181.174.43.180] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=85.105.198.89  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 85.105.198.89.static.ttnet.com.tr [85.105.198.89] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for host-41.36.192.33.tedata.net [41.36.192.33] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.235.176.111  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.252.183.131  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.129.244.154  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.169.199.39  : 1 time(s)
 reverse mapping checking getaddrinfo for 221.101.165.220.broad.sm.yn.dynamic.163data.com.cn [220.165.101.221] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 Address 213.167.7.191 maps to 7-191-asg.tvsat.co, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for dynamic-244-154.infopardall.com.br [177.129.244.154] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=220.165.101.221  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=193-239-36-171.ksi-system.net  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=109.107.126.68  : 1 time(s)
 reverse mapping checking getaddrinfo for 253.246.54.116.broad.km.yn.dynamic.163data.com.cn [116.54.246.253] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM service(sshd) ignoring max retries; 6 > 3 : 29 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=92.126.40.31  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.126.65.36  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.54.246.253  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.36.192.33  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.117.51.201  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 190-96-243-13.telebucaramanga.net.co [190.96.243.13] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=95-83-54-43.saransk.ru  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=r74-193-28-225.nacdcmta01.ncgdtx.tl.dh.suddenlink.net  user=root : 1 time(s)
 Protocol major versions differ for 47.89.187.225: SSH-2.0-OpenSSH_5.3 vs. SSH-1.5-NmapNSE_1.0 : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.96.243.13  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for 139.195.61.58.broad.sz.gd.dynamic.163data.com.cn [58.61.195.139] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 Address 222.252.183.131 maps to localhost, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=179.38.197.66  user=root : 3 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.65.202.231  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.167.7.191  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.242.92.22  : 1 time(s)
 reverse mapping checking getaddrinfo for 179-126-065-36.xd-dynamic.algarnetsuper.com.br [179.126.65.36] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.202.94.37  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.61.195.139  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.173.130.226  : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.93.249.182  user=root : 1 time(s)
 PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.174.43.180  user=root : 1 time(s)
 reverse mapping checking getaddrinfo for abts-tn-dynamic-231.202.65.182.airtelbroadband.in [182.65.202.231] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 190-173-130-226.speedy.com.ar [190.173.130.226] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
 reverse mapping checking getaddrinfo for 179-38-197-66.speedy.com.ar [179.38.197.66] failed - POSSIBLE BREAK-IN ATTEMPT! : 3 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/mapper/vg_loom-lv_root
                        50G   38G  9.0G  81% /
 /dev/sda1             477M  208M  244M  47% /boot
 /dev/mapper/vg_loom-lv_home
                       178G   50G  119G  30% /home
 
 
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End ######################### 

 

