OSSEC Alert - iris - Level 2 - Unknown problem somewhere in the system.
OSSEC HIDS
auton.sysnotify at gmail.com
Tue Oct 8 07:00:31 EDT 2019
OSSEC HIDS Notification.
2019 Oct 08 04:23:16
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:23:15 iris sshguard[84562]: Attack from "145.239.169.177" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:23:16
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:23:15 iris sshguard[84562]: Blocking "145.239.169.177/32" for 3840 secs (3 attacks in 234 secs, after 6 abuses over 6215 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:23:16
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:23:15 iris sshd[33037]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:26:45
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:26:44 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:26:45
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:26:44 iris sshguard[84562]: Blocking "77.81.106.213/32" for 120 secs (3 attacks in 940 secs, after 1 abuses over 940 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:26:45
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:26:44 iris sshd[50742]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:27:53
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:27:52 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:29:22
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:29:21 iris sshguard[84562]: Attack from "207.180.239.212" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:29:22
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:29:22 iris sshguard[84562]: Attack from "207.180.239.212" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:30:50
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:30:50 iris sshguard[84562]: Attack from "40.73.7.223" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:30:50
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:30:50 iris sshguard[84562]: Attack from "40.73.7.223" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:30:50
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:30:50 iris sshguard[84562]: Blocking "40.73.7.223/32" for 3840 secs (3 attacks in 0 secs, after 6 abuses over 5523 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:33:21
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:33:21 iris sshguard[84562]: Attack from "207.180.239.212" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:33:21
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:33:21 iris sshguard[84562]: Blocking "207.180.239.212/32" for 1920 secs (3 attacks in 240 secs, after 5 abuses over 3407 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:33:21
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:33:21 iris sshd[44076]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:37:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:37:32 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:37:54
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:37:53 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:39:19
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:39:19 iris sshguard[84562]: Attack from "177.69.237.49" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:44:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:44:23 iris sshguard[84562]: Attack from "177.69.237.49" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:44:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:44:23 iris sshguard[84562]: Blocking "177.69.237.49/32" for 15360 secs (3 attacks in 304 secs, after 8 abuses over 18985 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:44:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:44:23 iris sshd[11607]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:44:40
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:44:39 iris sshguard[84562]: Attack from "175.139.242.49" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:44:40
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:44:39 iris sshguard[84562]: Attack from "175.139.242.49" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:44:40
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:44:39 iris sshguard[84562]: Blocking "175.139.242.49/32" for 15360 secs (3 attacks in 0 secs, after 8 abuses over 18645 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:46:25
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:46:25 iris dhclient[58870]: em0: sendmsg(DHCPREQUEST): Permission denied
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:47:53
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:47:53 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:48:12
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:48:10 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:48:12
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:48:10 iris sshguard[84562]: Blocking "77.81.106.213/32" for 240 secs (3 attacks in 638 secs, after 2 abuses over 2226 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:48:12
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:48:10 iris sshd[63655]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:51:53
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:51:52 iris sshguard[84562]: Attack from "162.243.253.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:51:53
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:51:52 iris sshguard[84562]: Attack from "162.243.253.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:51:53
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:51:52 iris sshguard[84562]: Blocking "162.243.253.67/32" for 7680 secs (3 attacks in 0 secs, after 7 abuses over 21056 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:55:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:55:31 iris sshguard[84562]: Attack from "157.230.235.233" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:57:54
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:57:53 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:58:47
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:58:45 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 04:58:47
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 06:58:46 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION