Linux Help
#1  September 3rd, 2008, 10:17 AM
alleyOOPs
Contributing User
Thoughts on my logwatch file

Well, got my new server running, my first non-dedicated colocation.

And this thing called logwatch is sent to me daily, kinda cool, but first time I ever saw it. My dedicated never did this.

Anyway, I want to post the odd items and see if any of you have any security suggestions or thoughts on this stuff as I am checking it out for the first time.

I am taking out stuff that is not an issue to make it shorter. Any ideas or thoughts appreciated.

Amazes me how on the new server it is being inundated so quickly with so many hack attempts...wow.

Code:
########## Logwatch 7.3 (03/24/06) ########## 
        Processing Initiated: Wed Sep  3 04:02:03 2008
        Date Range Processed: yesterday
                              ( 2008-Sep-02 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: localhost.localdomain
  #############
 
 --------------------- httpd Begin ------------------------ 

 Requests with error response codes
    400 Bad Request
       /w00tw00t.at.ISC.SANS.DFind:): 4 Time(s)
    403 Forbidden
       /: 1 Time(s)
    404 Not Found
       /e404.php?DOCUMENT_ROOT=http://www.spellet ... b.png/boo.do???: 1 Time(s)
       /e404.php?DOCUMENT_ROOT=http://www.spellet ... thumb.png/echo?: 1 Time(s)
       /forums/indeforum.php: 2 Time(s)
       /forums/profile.php?mode=register&agreed=t ... AndConfirm=true: 1 Time(s)
       /forums/profile.php?mode=register&agreed=true: 41 Time(s)
       /function.require: 4 Time(s)
       /function.require-once: 4 Time(s)
       /installedpackages.htm/?DOC_ROOT=http://il ... s/mraneti.txt??: 1 Time(s)
       /installedpackages.htm/e404.php?DOCUMENT_R ... thumb.png/echo?: 1 Time(s)
       /installedpackages.htm/s_loadenv.inc.php?D ... thumb.png/echo?: 1 Time(s)
       /s_loadenv.inc.php?DOCUMENT_ROOT=http://ww ... b.png/boo.do???: 1 Time(s)
       /s_loadenv.inc.php?DOCUMENT_ROOT=http://ww ... thumb.png/echo?: 1 Time(s)
       /test/html: 2 Time(s)
       http://thecric.free.fr/AZenv/azenv.php: 24 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- Named Begin ------------------------ 

 
 **Unmatched Entries**
    client 65.221.104.181 notify question section contains no SOA: 2 Time(s)
 
 ---------------------- Named End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       root (81.214.108.250): 57 Time(s)
       unknown (gai166.internetdsl.tpnet.pl): 25 Time(s)
       unknown (81.214.108.250): 22 Time(s)
       unknown (email.cdut.edu.cn): 22 Time(s)
       root (gai166.internetdsl.tpnet.pl): 10 Time(s)
       unknown (static-71-98-243-34.tampfl.dsl-w.verizon.net): 8 Time(s)
       ftp (81.214.108.250): 7 Time(s)
       adm (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       bin (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       daemon (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       halt (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       lp (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       mail (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       operator (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       root (email.cdut.edu.cn): 4 Time(s)
       shutdown (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       sync (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       uucp (static-71-98-243-34.tampfl.dsl-w.verizon.net): 4 Time(s)
       games (static-71-98-243-34.tampfl.dsl-w.verizon.net): 3 Time(s)
       bobhoffman (email.cdut.edu.cn): 2 Time(s)
    Invalid Users:
       Unknown Account: 77 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- sendmail Begin ------------------------ 

 
 
 **Unmatched Entries**
    mxs.mail.ru.: SMTP DATA-2 protocol error: 503 valid RCPT command must precede DATA: 1 Time(s)
 ---------------------- sendmail End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    71.98.243.34 (static-71-98-243-34.tampfl.dsl-w.verizon.net): 43 times
    81.214.108.250 (dsl.static81214108250.ttnet.net.tr): 64 times
    83.12.8.166 (gai166.internetdsl.tpnet.pl): 10 times
    202.115.129.8 (email.cdut.edu.cn): 6 times
 
 Illegal users from:
    71.98.243.34 (static-71-98-243-34.tampfl.dsl-w.verizon.net): 8 times
    81.214.108.250 (dsl.static81214108250.ttnet.net.tr): 22 times
    83.12.8.166 (gai166.internetdsl.tpnet.pl): 25 times
    202.115.129.8 (email.cdut.edu.cn): 22 times
 
 Users logging in through sshd:
    root:
       98.64.114.97: 7 times
 
 
 Received disconnect:
    11: Bye Bye : 194 Time(s)
 
 SFTP subsystem requests: 6 Time(s)
 
 **Unmatched Entries**
 pam_succeed_if(sshd:auth): error retrieving information about user test7 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user fernando : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user info : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user stephanie : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user mike : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test4 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test5 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test2 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user gt05 : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user trash : 4 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user news : 4 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test6 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user user : 6 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user stud : 4 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test1 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user admin : 15 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user oracle : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user guest : 4 time(s)
 reverse mapping checking getaddrinfo for dsl.static81214108250.ttnet.net.tr failed - POSSIBLE BREAK-IN ATTEMPT! : 86 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test8 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user tom : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user postgres : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user demouser : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user com : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test3 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user creativeprogramdesigners : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user root2 : 6 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user william : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user bret : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user aaron : 4 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 
 (taken out by me to protect server)
 ---------------------- Disk Space End ------------------------- 

 
 ###################### Logwatch End #########################
__________________
My advice is just what I might do in a certain situation and should be taken with a grain of salt. No hating.
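As an added example (not part of the original post, and not code from the Logwatch project), here is a Python script that parses the pam_unix and SSHD sections of a Logwatch text report laid out like the one above, sums the "Failed logins" and "Illegal users" counts per source IP, lists the sources at or above a threshold as candidates for a firewall or fail2ban rule, and reports which account names each host tried and where root logged in from. The excerpt embedded in it is constructed from the figures in the post; the section and line layout it assumes is that of the unformatted Logwatch 7.3 output shown there.

```python
"""Triage the SSHD and pam_unix sections of a Logwatch text report (added example)."""
import re
from collections import defaultdict

# Constructed sample: an excerpt shaped like the pam_unix and SSHD sections of the
# report posted above, using the same hosts and counts as that post.
SAMPLE_REPORT = """\
 --------------------- pam_unix Begin ------------------------

 sshd:
    Authentication Failures:
       root (81.214.108.250): 57 Time(s)
       unknown (gai166.internetdsl.tpnet.pl): 25 Time(s)
       root (gai166.internetdsl.tpnet.pl): 10 Time(s)
       ftp (81.214.108.250): 7 Time(s)
       bobhoffman (email.cdut.edu.cn): 2 Time(s)

 ---------------------- pam_unix End -------------------------

 --------------------- SSHD Begin ------------------------

 Failed logins from:
    71.98.243.34 (static-71-98-243-34.tampfl.dsl-w.verizon.net): 43 times
    81.214.108.250 (dsl.static81214108250.ttnet.net.tr): 64 times
    83.12.8.166 (gai166.internetdsl.tpnet.pl): 10 times
    202.115.129.8 (email.cdut.edu.cn): 6 times

 Illegal users from:
    71.98.243.34 (static-71-98-243-34.tampfl.dsl-w.verizon.net): 8 times
    81.214.108.250 (dsl.static81214108250.ttnet.net.tr): 22 times
    83.12.8.166 (gai166.internetdsl.tpnet.pl): 25 times
    202.115.129.8 (email.cdut.edu.cn): 22 times

 Users logging in through sshd:
    root:
       98.64.114.97: 7 times

 Received disconnect:
    11: Bye Bye : 194 Time(s)

 ---------------------- SSHD End -------------------------
"""

SECTION_RE = re.compile(r"^\s*-+ (.+?) (Begin|End) -+\s*$")
# "ip (host): N times" in the SSHD section and "user (host): N Time(s)" in pam_unix
COUNT_RE = re.compile(r"^\s*(\S+) \(([^)]+)\): (\d+) (?:Time\(s\)|times?)$")
LOGIN_RE = re.compile(r"^\s*(\S+): (\d+) times?$")


def split_sections(report):
    """Map each 'X Begin ... X End' block of the report to its lines."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m:
            name, edge = m.groups()
            current = name if edge == "Begin" else None
            sections.setdefault(name, [])
            continue
        if current is not None:
            sections[current].append(line)
    return sections


def parse_sshd(lines):
    """Sum failed + illegal-user attempts per source IP and collect successful logins."""
    failures, hosts = defaultdict(int), {}
    logins = defaultdict(dict)          # user -> {source_ip: count}
    block = user = None
    for line in lines:
        stripped = line.strip()
        if not stripped:
            continue
        if stripped in ("Failed logins from:", "Illegal users from:"):
            block = "fail"
            continue
        if stripped == "Users logging in through sshd:":
            block = "login"
            continue
        if block == "fail":
            m = COUNT_RE.match(line)
            if not m:
                block = None            # reached an unrelated sub-heading
                continue
            ip, host, n = m.groups()
            failures[ip] += int(n)
            hosts[ip] = host
        elif block == "login":
            if stripped.endswith(":") and " " not in stripped:
                user = stripped[:-1]    # e.g. "root:"
                continue
            m = LOGIN_RE.match(line)
            if m and user:
                logins[user][m.group(1)] = int(m.group(2))
            else:
                block = None
    return dict(failures), hosts, {u: dict(v) for u, v in logins.items()}


def parse_pam_unix(lines):
    """Map each source host to the set of account names it tried."""
    tried = defaultdict(set)
    for line in lines:
        m = COUNT_RE.match(line)
        if m:
            user, host, _ = m.groups()
            tried[host].add(user)
    return dict(tried)


def triage(report, threshold=20):
    """Block candidates (>= threshold attempts), root login sources, accounts tried."""
    sections = split_sections(report)
    failures, hosts, logins = parse_sshd(sections.get("SSHD", []))
    return {
        "failures": failures,
        "hosts": hosts,
        "block_candidates": sorted(
            (ip for ip, n in failures.items() if n >= threshold),
            key=lambda ip: -failures[ip]),
        "root_login_sources": sorted(logins.get("root", {})),
        "accounts_tried": parse_pam_unix(sections.get("pam_unix", [])),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for ip in result["block_candidates"]:
        print(f"{ip:16} {result['failures'][ip]:4} attempts  {result['hosts'][ip]}")
    print("root logged in from:", ", ".join(result["root_login_sources"]))
```

Two things to act on from the output: the entry under "Users logging in through sshd" shows root logging in directly from one address, so confirm that address is your own and set `PermitRootLogin no` in sshd_config (with key-based logins for an unprivileged account) if direct root access is not needed; and the host that walked through adm, bin, daemon, halt, lp and the rest of the system accounts is running a username dictionary, which a per-source threshold like the one here, fed into iptables or fail2ban, would have cut off after the first few dozen attempts rather than after a day's worth.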

© 2003-2009 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway