OSSEC Alert - iris - Level 4 - First time user logged in.
OSSEC HIDS
auton.sysnotify at gmail.com
Tue Oct 8 13:01:29 EDT 2019
OSSEC HIDS Notification.
2019 Oct 08 10:10:52
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:10:50 iris sshguard[84562]: Attack from "67.207.83.115" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:10:52
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:10:50 iris sshguard[84562]: Attack from "67.207.83.115" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:10:52
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:10:50 iris sshguard[84562]: Blocking "67.207.83.115/32" for 960 secs (3 attacks in 0 secs, after 4 abuses over 2222 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:11:06
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:11:04 iris sshguard[84562]: Attack from "162.241.193.116" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:11:24
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:11:23 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:12:06
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:12:05 iris sshguard[84562]: Attack from "51.68.188.42" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:12:06
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:12:05 iris sshguard[84562]: Blocking "51.68.188.42/32" for 15360 secs (3 attacks in 259 secs, after 8 abuses over 17936 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:12:06
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:12:05 iris sshd[33231]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:13:55
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:13:54 iris sshguard[84562]: Attack from "51.75.70.30" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:13:55
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:13:54 iris sshguard[84562]: Blocking "51.75.70.30/32" for 3840 secs (3 attacks in 274 secs, after 6 abuses over 6357 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:13:55
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:13:54 iris sshd[12749]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:14:59
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:14:59 iris sshguard[84562]: Attack from "162.241.193.116" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:14:59
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:14:59 iris sshguard[84562]: Blocking "162.241.193.116/32" for 480 secs (3 attacks in 235 secs, after 3 abuses over 2499 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:15:01
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:14:59 iris sshd[47157]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:16:43
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:16:43 iris sshguard[84562]: Attack from "96.78.175.36" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:16:43
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:16:43 iris sshguard[84562]: Attack from "96.78.175.36" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:16:43
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:16:43 iris sshguard[84562]: Blocking "96.78.175.36/32" for 3840 secs (3 attacks in 0 secs, after 6 abuses over 5569 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:18:12
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:18:11 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:19:48
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:19:47 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:19:48
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:19:48 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:19:52
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:19:51 iris sshguard[84562]: Attack from "106.13.59.131" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:19:56
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:19:56 iris sshguard[84562]: Attack from "106.13.59.131" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:20:57
Received From: hera.int.autonsys.com->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:20:56 hera.int.autonsys.com rpc.statd: Failed to contact host springdale1.int.autonsys.com: RPC: Port mapper failure - RPC: Timed out
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:24:14
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:24:13 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:24:14
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:24:13 iris sshguard[84562]: Blocking "122.228.89.67/32" for 120 secs (3 attacks in 770 secs, after 1 abuses over 770 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:24:14
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:24:13 iris sshd[83851]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:24:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:24:31 iris sshguard[84562]: Attack from "106.13.59.131" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:24:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:24:31 iris sshguard[84562]: Blocking "106.13.59.131/32" for 960 secs (3 attacks in 280 secs, after 4 abuses over 2525 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:24:32
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:24:31 iris sshd[39492]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:26:58
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:26:57 iris sshguard[84562]: Attack from "162.241.193.116" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:28:13
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:28:12 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:28:41
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:28:40 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:30:26
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:30:25 iris sshguard[84562]: Attack from "77.81.106.213" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:30:26
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:30:25 iris sshguard[84562]: Blocking "77.81.106.213/32" for 15360 secs (3 attacks in 638 secs, after 8 abuses over 22761 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:30:26
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:30:25 iris sshd[3662]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:30:46
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:30:44 iris sshguard[84562]: Attack from "162.241.193.116" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:30:46
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:30:44 iris sshguard[84562]: Blocking "162.241.193.116/32" for 960 secs (3 attacks in 227 secs, after 4 abuses over 3444 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:30:46
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:30:44 iris sshd[34942]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:32:30
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:32:30 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:32:30
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:32:30 iris sshguard[84562]: Blocking "122.228.89.67/32" for 240 secs (3 attacks in 230 secs, after 2 abuses over 1267 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:32:30
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:32:30 iris sshd[19999]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:38:14
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:38:13 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:39:36
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:39:34 iris sshguard[84562]: Attack from "37.187.6.235" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:40:14
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:40:13 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:40:14
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:40:14 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:40:47
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:40:46 iris sshguard[84562]: Attack from "182.16.103.136" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:40:49
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:40:47 iris sshguard[84562]: Attack from "182.16.103.136" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:41:11
Received From: iris->/var/log/authlog
Rule: 10100 fired (level 4) -> "First time user logged in."
Src IP: 24.239.197.192
User: root
Portion of the log(s):
Oct 8 12:41:09 iris sshd[94343]: Accepted publickey for root from 24.239.197.192 port 53648 ssh2: RSA SHA256:2FQHgN/PbvqV8R5vpmp/eDqMOKa/2ge4BNCzT71AIZ8
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:42:35
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:42:34 iris sshguard[84562]: Attack from "106.13.59.131" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:43:39
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:43:38 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:43:39
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:43:38 iris sshguard[84562]: Blocking "122.228.89.67/32" for 480 secs (3 attacks in 205 secs, after 3 abuses over 1935 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:43:39
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:43:38 iris sshd[8367]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:44:00
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:43:58 iris sshguard[84562]: Attack from "37.187.6.235" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:44:00
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:43:58 iris sshguard[84562]: Blocking "37.187.6.235/32" for 15360 secs (3 attacks in 264 secs, after 8 abuses over 17403 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:44:00
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:43:58 iris sshd[88306]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:46:04
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:46:03 iris sshguard[84562]: Attack from "182.16.103.136" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:46:04
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:46:03 iris sshguard[84562]: Blocking "182.16.103.136/32" for 3840 secs (3 attacks in 317 secs, after 6 abuses over 6966 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:46:04
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:46:03 iris sshd[26861]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:47:00
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:46:59 iris sshguard[84562]: Attack from "106.13.59.131" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:47:00
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:46:59 iris sshguard[84562]: Blocking "106.13.59.131/32" for 1920 secs (3 attacks in 265 secs, after 5 abuses over 3873 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:47:00
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:46:59 iris sshd[44203]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:47:47
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:47:45 iris dhclient[58870]: em0: sendmsg(DHCPREQUEST): Permission denied
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:48:15
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:48:13 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:50:25
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:50:24 iris sshguard[84562]: Attack from "162.241.193.116" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:53:59
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:53:58 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:54:03
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:54:01 iris sshguard[84562]: Attack from "122.228.89.67" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:54:03
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:54:01 iris sshguard[84562]: Blocking "122.228.89.67/32" for 960 secs (3 attacks in 3 secs, after 4 abuses over 2558 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:54:21
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:54:20 iris sshguard[84562]: Attack from "162.241.193.116" on service 100 with danger 10.
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:54:21
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:54:20 iris sshguard[84562]: Blocking "162.241.193.116/32" for 1920 secs (3 attacks in 236 secs, after 5 abuses over 4860 secs.)
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:54:21
Received From: iris->/var/log/authlog
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:54:20 iris sshd[4099]: fatal: userauth_finish: Permission denied [preauth]
--END OF NOTIFICATION
OSSEC HIDS Notification.
2019 Oct 08 10:58:14
Received From: iris->/var/log/messages
Rule: 1002 fired (level 2) -> "Unknown problem somewhere in the system."
Portion of the log(s):
Oct 8 12:58:13 iris ddclient[15573]: FAILED: updating autonsys.com: NOACCESS: Authentication failed. This happens if the username/password OR host or domain are wrong.
--END OF NOTIFICATION
More information about the Autonlab-sysinfo
mailing list