Logwatch for lake.auton.cs.cmu.edu (Linux)
punosevac72 at gmail.com
Tue Jan 31 03:15:17 EST 2017
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Tue Jan 31 03:15:17 2017
Date Range Processed: yesterday
( 2017-Jan-30 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: lake.auton.cs.cmu.edu
##################################################################
--------------------- clam-update Begin ------------------------
Last ClamAV update process started at Mon Jan 30 04:52:34 2017
Last Status:
main.cvd is up to date (version: 57, sigs: 4218790, f-level: 60, builder: amishhammer)
Downloading daily-22965.cdiff [100%]
Downloading daily-22966.cdiff [100%]
Downloading daily-22967.cdiff [100%]
Downloading daily-22968.cdiff [100%]
Downloading daily-22969.cdiff [100%]
Downloading daily-22970.cdiff [100%]
daily.cld updated (version: 22970, sigs: 1494463, f-level: 63, builder: neo)
bytecode.cld is up to date (version: 290, sigs: 55, f-level: 63, builder: neo)
[LibClamAV] Detected duplicate databases /var/lib/clamav/main.cld and /var/lib/clamav/main.cvd. The /var/lib/clamav/main.cld database is older and will not be loaded, you should manually remove it from the database directory.
Database updated (5713308 signatures) from db.local.clamav.net (IP: 69.12.162.28)
---------------------- clam-update End -------------------------
--------------------- OpenVPN Begin ------------------------
Ciphers used for Authentication:
Data Channel:
Decrypt:
160 bit SHA1 used 24 Time(s)
Encrypt:
160 bit SHA1 used 24 Time(s)
Ciphers used for Encryption:
Data Channel:
Decrypt:
256 bit AES-256-CBC used 24 Time(s)
Encrypt:
256 bit AES-256-CBC used 24 Time(s)
**Unmatched Entries**
Control Channel: TLSv1.2, cipher TLSv1/SSLv3 DHE-RSA-AES256-GCM-SHA384, 1024 bit RSA: 24 Time(s)
VERIFY OK: depth=0, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=areas, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
VERIFY OK: depth=1, C=US, ST=PA, L=Pittsburgh, O=Carnegie Mellon University, OU=Auton, CN=changeme, name=changeme, emailAddress=predragp at andrew.cmu.edu: 24 Time(s)
---------------------- OpenVPN End -------------------------
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (5.1.81.96): 215 Time(s)
unknown (5.1.81.96): 156 Time(s)
unknown (202.115.80.212): 38 Time(s)
root (181.20.183.98): 4 Time(s)
adm (5.1.81.96): 3 Time(s)
root (164.215.235.125): 3 Time(s)
root (202.115.80.212): 3 Time(s)
unknown (197.200.50.122): 3 Time(s)
igitman (igor-ubuntu.wv.cc.cmu.edu): 2 Time(s)
lujiec (late.auton.cs.cmu.edu): 2 Time(s)
mysql (5.1.81.96): 2 Time(s)
postgres (5.1.81.96): 2 Time(s)
root (197.200.50.122): 2 Time(s)
tomcat (202.115.80.212): 2 Time(s)
tomcat (5.1.81.96): 2 Time(s)
apache (5.1.81.96): 1 Time(s)
backup (5.1.81.96): 1 Time(s)
bin (5.1.81.96): 1 Time(s)
ftp (5.1.81.96): 1 Time(s)
games (5.1.81.96): 1 Time(s)
gopher (5.1.81.96): 1 Time(s)
halt (5.1.81.96): 1 Time(s)
lp (5.1.81.96): 1 Time(s)
mail (5.1.81.96): 1 Time(s)
nfsnobody (5.1.81.96): 1 Time(s)
operator (5.1.81.96): 1 Time(s)
pengrui (c-24-131-224-151.hsd1.pa.comcast.net): 1 Time(s)
postfix (5.1.81.96): 1 Time(s)
postgres (202.115.80.212): 1 Time(s)
root (114.143.120.184): 1 Time(s)
root (116.24.155.164): 1 Time(s)
root (117.240.79.51): 1 Time(s)
root (122.190.255.31): 1 Time(s)
root (122.241.62.220): 1 Time(s)
root (123.169.230.73): 1 Time(s)
root (123.252.224.206): 1 Time(s)
root (170.79.149.114): 1 Time(s)
root (177.11.48.249): 1 Time(s)
root (178.185.96.111): 1 Time(s)
root (178.186.47-204.xdsl.ab.ru): 1 Time(s)
root (178.186.67.169): 1 Time(s)
root (178.67.127.41): 1 Time(s)
root (182.243.85.250): 1 Time(s)
root (188.16.76.138): 1 Time(s)
root (188.18.67.254): 1 Time(s)
root (200-161-162-217.dsl.telesp.net.br): 1 Time(s)
root (217.117.27.14): 1 Time(s)
root (221.231.99.24): 1 Time(s)
root (27.194.127.19): 1 Time(s)
root (42.103.101.1): 1 Time(s)
root (60.49.214.53): 1 Time(s)
unknown (110-174-196-205.static.tpgi.com.au): 1 Time(s)
unknown (115.248.141.177): 1 Time(s)
unknown (122.162.35.156): 1 Time(s)
unknown (164.215.235.125): 1 Time(s)
unknown (168.253.114.54): 1 Time(s)
unknown (181.20.183.98): 1 Time(s)
unknown (201.179.163.17): 1 Time(s)
unknown (58.240.77.34): 1 Time(s)
unknown (p5b276fee.dip0.t-ipconnect.de): 1 Time(s)
Invalid Users:
Unknown Account: 333 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
26.278K Bytes accepted 26,909
26.278K Bytes delivered 26,909
======== ================================================
2 Accepted 100.00%
-------- ------------------------------------------------
2 Total 100.00%
======== ================================================
2 Removed from queue
1 Sent via SMTP
1 Forwarded
1 Connection failure (outbound)
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Disconnecting after too many authentication failures for user:
admin : 11 Time(s)
root : 30 Time(s)
ubnt : 1 Time(s)
Failed logins from:
5.1.81.96: 665 times
27.194.127.19: 6 times
42.103.101.1: 6 times
60.49.214.53: 6 times
114.143.120.184: 6 times
116.24.155.164: 6 times
117.240.79.51: 6 times
122.190.255.31: 6 times
122.241.62.220: 6 times
123.169.230.73: 6 times
123.252.224.206: 6 times
128.237.204.90: 1 time
164.215.235.125: 18 times
170.79.149.114: 6 times
177.11.48.249 (server.sigmacloud.net): 2 times
178.67.127.41 (pppoe.178-67-127-41.avangarddsl.ru): 6 times
178.185.96.111 (dnm.111.96.185.178.dsl.krasnet.ru): 6 times
178.186.47.204: 6 times
178.186.67.169: 6 times
181.20.183.98 (181-20-183-98.speedy.com.ar): 24 times
182.243.85.250: 6 times
188.16.76.138: 6 times
188.18.67.254: 6 times
197.200.50.122: 12 times
200.161.162.217 (200-161-162-217.dsl.telesp.net.br): 6 times
202.115.80.212: 6 times
217.117.27.14 (ip-217-117-27-14.bnk.lt): 6 times
221.231.99.24: 6 times
Illegal users from:
5.1.81.96: 223 times
58.240.77.34: 6 times
91.39.111.238 (p5B276FEE.dip0.t-ipconnect.de): 6 times
110.174.196.205 (110-174-196-205.static.tpgi.com.au): 6 times
115.248.141.177: 6 times
122.162.35.156 (abts-north-dynamic-156.35.162.122.airtelbroadband.in): 6 times
164.215.235.125: 6 times
168.253.114.54: 6 times
181.20.183.98 (181-20-183-98.speedy.com.ar): 6 times
197.200.50.122: 18 times
201.179.163.17 (201-179-163-17.speedy.com.ar): 6 times
202.115.80.212: 38 times
Users logging in through sshd:
backup:
128.2.204.201 (areas.auton.cs.cmu.edu): 1 time
benediktb:
204.148.24.98 (Internet-gw.customer.alter.net): 4 times
igitman:
128.237.204.90: 2 times
kkandasa:
128.2.210.190 (gs13103.sp.cs.cmu.edu): 3 times
lujiec:
128.2.182.178 (late.auton.cs.cmu.edu): 2 times
mbarnes1:
128.237.130.64: 4 times
73.79.83.141 (c-73-79-83-141.hsd1.pa.comcast.net): 1 time
ngisolfi:
128.2.178.134 (gs15623.sp.cs.cmu.edu): 8 times
pengrui:
24.131.224.151 (c-24-131-224-151.hsd1.pa.comcast.net): 15 times
128.237.202.83 (android-a4884477cac48df2.wv.cc.cmu.edu): 2 times
predrag:
24.154.54.187 (dynamic-acs-24-154-54-187.zoominternet.net): 5 times
sibiv:
128.2.178.16 (gs14416.sp.cs.cmu.edu): 9 times
67.186.35.210 (c-67-186-35-210.hsd1.pa.comcast.net): 1 time
Received disconnect:
11: Bye Bye : 44 Time(s)
11: disconnected by user : 46 Time(s)
Setting tty modes failed:
Invalid argument : 3 Time(s)
SFTP subsystem requests: 3 Time(s)
**Unmatched Entries**
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 : 19 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.169.230.73 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.16.76.138 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.215.235.125 user=root : 3 time(s)
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 user=mysql : 1 time(s)
reverse mapping checking getaddrinfo for 201-179-163-17.speedy.com.ar [201.179.163.17] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.252.224.206 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (root4,ssh-connection) -> (root,ssh-connection) : 1 time(s)
Disconnecting: Change of username or service not allowed: (admins,ssh-connection) -> (admin,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.186.47-204.xdsl.ab.ru user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.190.255.31 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (minecraft1,ssh-connection) -> (minecraft,ssh-connection) : 1 time(s)
reverse mapping checking getaddrinfo for ip-217-117-27-14.bnk.lt [217.117.27.14] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=177.11.48.249 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (nfsnobody,ssh-connection) -> (nobody,ssh-connection) : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 user=postgres : 1 time(s)
reverse mapping checking getaddrinfo for server.sigmacloud.net [177.11.48.249] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
reverse mapping checking getaddrinfo for pppoe.178-67-127-41.avangarddsl.ru [178.67.127.41] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.185.96.111 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (httpd,ssh-connection) -> (http,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=164.215.235.125 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.179.163.17 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=110-174-196-205.static.tpgi.com.au : 1 time(s)
Disconnecting: Change of username or service not allowed: (administrator,ssh-connection) -> (admin,ssh-connection) : 1 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=igor-ubuntu.wv.cc.cmu.edu user=igitman : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.248.141.177 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=200-161-162-217.dsl.telesp.net.br user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.200.50.122 user=root : 2 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.67.127.41 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (rootalias,ssh-connection) -> (root,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.162.35.156 : 1 time(s)
reverse mapping checking getaddrinfo for abts-north-dynamic-156.35.162.122.airtelbroadband.in [122.162.35.156] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.24.155.164 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.20.183.98 : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=60.49.214.53 user=root : 1 time(s)
reverse mapping checking getaddrinfo for 181-20-183-98.speedy.com.ar [181.20.183.98] failed - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=221.231.99.24 user=root : 1 time(s)
reverse mapping checking getaddrinfo for dnm.111.96.185.178.dsl.krasnet.ru [178.185.96.111] failed - POSSIBLE BREAK-IN ATTEMPT! : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=182.243.85.250 user=root : 1 time(s)
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 user=root : 210 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.200.50.122 : 3 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.143.120.184 user=root : 1 time(s)
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 user=adm : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=p5b276fee.dip0.t-ipconnect.de : 1 time(s)
Address 204.148.24.98 maps to internet-gw.customer.alter.net, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 4 time(s)
Disconnecting: Change of username or service not allowed: (newsletter,ssh-connection) -> (news,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=178.186.67.169 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.241.62.220 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (admissions,ssh-connection) -> (adm,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=168.253.114.54 : 1 time(s)
PAM service(sshd) ignoring max retries; 6 > 3 : 42 time(s)
Disconnecting: Change of username or service not allowed: (identd,ssh-connection) -> (ident,ssh-connection) : 1 time(s)
Disconnecting: Change of username or service not allowed: (popa3d,ssh-connection) -> (pop,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=42.103.101.1 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.20.183.98 user=root : 4 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=188.18.67.254 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=27.194.127.19 user=root : 1 time(s)
PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 : 24 time(s)
PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=5.1.81.96 user=root : 4 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.79.149.114 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.240.79.51 user=root : 1 time(s)
Disconnecting: Change of username or service not allowed: (root0,ssh-connection) -> (root,ssh-connection) : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=217.117.27.14 user=root : 1 time(s)
PAM 5 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.240.77.34 : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
backup => root
--------------
/usr/bin/rsync - 1 Times.
---------------------- Sudo (secure-log) End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_loom-lv_root
50G 38G 9.0G 81% /
/dev/sda1 477M 208M 244M 47% /boot
/dev/mapper/vg_loom-lv_home
178G 50G 119G 30% /home
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################