[Flug] request for info... still the same old server under "pressure from fleas (assorted mites)"

alessio chemeri alessio.chemeri@gmail.com
Sat 9 Jul 2011 07:18:18 CEST


It's one of two things:
either my "gym" for (wanna be agow) is very popular in China..

or they're busting my balls..

My server is under full-on pressure from various Chinese, and the day
before yesterday it locked up because of them (or rather, I think so,
since the last entry I have in the auth log is from 17:44 and
the last video is from 5 minutes earlier..)




Jul  6 17:09:02 ubuntu CRON[4791]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 17:09:03 ubuntu CRON[4791]: pam_unix(cron:session): session
closed for user root
Jul  6 17:17:02 ubuntu CRON[4994]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 17:17:02 ubuntu CRON[4994]: pam_unix(cron:session): session
closed for user root
Jul  6 17:39:02 ubuntu CRON[5100]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 17:39:03 ubuntu CRON[5100]: pam_unix(cron:session): session
closed for user root
Jul  6 17:44:21 ubuntu sshd[5281]: Did not receive identification
string from 221.181.1.155


to me ubuntu is a bit of a magical, mysterious box.. why does it
keep opening cron sessions and closing them?
has it been broken into, or is it supposed to do that and to say so?

below I'm putting a bit of auth.log so you can see how much they're
busting my balls.. I'd like to understand.. is something
compromised?



alessioc@ubuntu:/var/log$ tail auth.log.2 -n 100
Jun 26 03:31:54 ubuntu sshd[10004]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:31:54 ubuntu sshd[10004]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:31:54 ubuntu sshd[10004]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:31:56 ubuntu sshd[10004]: Failed password for root from
178.209.106.124 port 47471 ssh2
Jun 26 03:31:57 ubuntu sshd[10006]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124  user=root
Jun 26 03:31:57 ubuntu sshd[10006]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:31:57 ubuntu sshd[10006]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:31:57 ubuntu sshd[10006]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:32:00 ubuntu sshd[10006]: Failed password for root from
178.209.106.124 port 48430 ssh2
Jun 26 03:32:01 ubuntu sshd[10008]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124  user=root
Jun 26 03:32:01 ubuntu sshd[10008]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:01 ubuntu sshd[10008]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:01 ubuntu sshd[10008]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:32:03 ubuntu sshd[10008]: Failed password for root from
178.209.106.124 port 49481 ssh2
Jun 26 03:32:04 ubuntu sshd[10010]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124  user=root
Jun 26 03:32:04 ubuntu sshd[10010]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:04 ubuntu sshd[10010]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:04 ubuntu sshd[10010]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:32:07 ubuntu sshd[10010]: Failed password for root from
178.209.106.124 port 50370 ssh2
Jun 26 03:32:08 ubuntu sshd[10012]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124  user=root
Jun 26 03:32:08 ubuntu sshd[10012]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:08 ubuntu sshd[10012]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:08 ubuntu sshd[10012]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:32:10 ubuntu sshd[10012]: Failed password for root from
178.209.106.124 port 51535 ssh2
Jun 26 03:32:12 ubuntu sshd[10014]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124  user=root
Jun 26 03:32:12 ubuntu sshd[10014]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:12 ubuntu sshd[10014]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:12 ubuntu sshd[10014]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:32:13 ubuntu sshd[10014]: Failed password for root from
178.209.106.124 port 52467 ssh2
Jun 26 03:32:14 ubuntu sshd[10016]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124  user=root
Jun 26 03:32:14 ubuntu sshd[10016]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:14 ubuntu sshd[10016]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:14 ubuntu sshd[10016]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 03:32:17 ubuntu sshd[10016]: Failed password for root from
178.209.106.124 port 53165 ssh2
Jun 26 03:32:18 ubuntu sshd[10019]: Invalid user oracle from 178.209.106.124
Jun 26 03:32:18 ubuntu sshd[10019]: pam_unix(sshd:auth): check pass;
user unknown
Jun 26 03:32:18 ubuntu sshd[10019]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124
Jun 26 03:32:18 ubuntu sshd[10019]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:18 ubuntu sshd[10019]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:20 ubuntu sshd[10019]: Failed password for invalid user
oracle from 178.209.106.124 port 54292 ssh2
Jun 26 03:32:21 ubuntu sshd[10021]: Invalid user oracle from 178.209.106.124
Jun 26 03:32:21 ubuntu sshd[10021]: pam_unix(sshd:auth): check pass;
user unknown
Jun 26 03:32:21 ubuntu sshd[10021]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124
Jun 26 03:32:21 ubuntu sshd[10021]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:21 ubuntu sshd[10021]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:24 ubuntu sshd[10021]: Failed password for invalid user
oracle from 178.209.106.124 port 55270 ssh2
Jun 26 03:32:25 ubuntu sshd[10023]: Invalid user test from 178.209.106.124
Jun 26 03:32:25 ubuntu sshd[10023]: pam_unix(sshd:auth): check pass;
user unknown
Jun 26 03:32:25 ubuntu sshd[10023]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124
Jun 26 03:32:25 ubuntu sshd[10023]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:25 ubuntu sshd[10023]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:27 ubuntu sshd[10023]: Failed password for invalid user
test from 178.209.106.124 port 56273 ssh2
Jun 26 03:32:28 ubuntu sshd[10025]: Invalid user test from 178.209.106.124
Jun 26 03:32:28 ubuntu sshd[10025]: pam_unix(sshd:auth): check pass;
user unknown
Jun 26 03:32:28 ubuntu sshd[10025]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124
Jun 26 03:32:28 ubuntu sshd[10025]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:28 ubuntu sshd[10025]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:31 ubuntu sshd[10025]: Failed password for invalid user
test from 178.209.106.124 port 57332 ssh2
Jun 26 03:32:33 ubuntu sshd[10027]: Invalid user test from 178.209.106.124
Jun 26 03:32:33 ubuntu sshd[10027]: pam_unix(sshd:auth): check pass;
user unknown
Jun 26 03:32:33 ubuntu sshd[10027]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=178.209.106.124
Jun 26 03:32:33 ubuntu sshd[10027]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 03:32:33 ubuntu sshd[10027]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 03:32:35 ubuntu sshd[10027]: Failed password for invalid user
test from 178.209.106.124 port 58488 ssh2
Jun 26 03:39:01 ubuntu CRON[10041]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 03:39:01 ubuntu CRON[10041]: pam_unix(cron:session): session
closed for user root
Jun 26 04:09:01 ubuntu CRON[10105]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 04:09:01 ubuntu CRON[10105]: pam_unix(cron:session): session
closed for user root
Jun 26 04:17:01 ubuntu CRON[10127]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 04:17:01 ubuntu CRON[10127]: pam_unix(cron:session): session
closed for user root
Jun 26 04:39:02 ubuntu CRON[10172]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 04:39:02 ubuntu CRON[10172]: pam_unix(cron:session): session
closed for user root
Jun 26 05:09:01 ubuntu CRON[10236]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 05:09:01 ubuntu CRON[10236]: pam_unix(cron:session): session
closed for user root
Jun 26 05:17:01 ubuntu CRON[10259]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 05:17:01 ubuntu CRON[10259]: pam_unix(cron:session): session
closed for user root
Jun 26 05:39:01 ubuntu CRON[10304]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 05:39:01 ubuntu CRON[10304]: pam_unix(cron:session): session
closed for user root
Jun 26 06:00:58 ubuntu sshd[10353]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=spectrum.talix.org  user=root
Jun 26 06:00:58 ubuntu sshd[10353]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 06:00:58 ubuntu sshd[10353]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 06:00:58 ubuntu sshd[10353]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 06:01:00 ubuntu sshd[10353]: Failed password for root from
88.191.99.154 port 35555 ssh2
Jun 26 06:01:01 ubuntu sshd[10355]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=spectrum.talix.org  user=root
Jun 26 06:01:01 ubuntu sshd[10355]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 06:01:01 ubuntu sshd[10355]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 06:01:01 ubuntu sshd[10355]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 06:01:02 ubuntu sshd[10355]: Failed password for root from
88.191.99.154 port 35834 ssh2
Jun 26 06:01:03 ubuntu sshd[10357]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=spectrum.talix.org  user=root
Jun 26 06:01:03 ubuntu sshd[10357]: pam_winbind(sshd:auth): getting
password (0x00000388)
Jun 26 06:01:03 ubuntu sshd[10357]: pam_winbind(sshd:auth):
pam_get_item returned a password
Jun 26 06:01:03 ubuntu sshd[10357]: pam_winbind(sshd:auth): request
wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN
(10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such
user
Jun 26 06:01:05 ubuntu sshd[10357]: Failed password for root from
88.191.99.154 port 36065 ssh2
Jun 26 06:09:01 ubuntu CRON[10374]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 06:09:01 ubuntu CRON[10374]: pam_unix(cron:session): session
closed for user root
Jun 26 06:17:01 ubuntu CRON[10396]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 06:17:01 ubuntu CRON[10396]: pam_unix(cron:session): session
closed for user root
Jun 26 06:25:01 ubuntu CRON[10414]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 06:39:01 ubuntu CRON[10476]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 06:39:01 ubuntu CRON[10476]: pam_unix(cron:session): session
closed for user root



ser root by (uid=0)
Jul  6 03:09:01 ubuntu CRON[31899]: pam_unix(cron:session): session
closed for user root
Jul  6 03:17:01 ubuntu CRON[31921]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 03:17:01 ubuntu CRON[31921]: pam_unix(cron:session): session
closed for user root
Jul  6 03:39:01 ubuntu CRON[31966]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 03:39:02 ubuntu CRON[31966]: pam_unix(cron:session): session
closed for user root
Jul  6 04:09:01 ubuntu CRON[32030]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 04:09:01 ubuntu CRON[32030]: pam_unix(cron:session): session
closed for user root
Jul  6 04:17:01 ubuntu CRON[32052]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 04:17:01 ubuntu CRON[32052]: pam_unix(cron:session): session
closed for user root
Jul  6 04:39:01 ubuntu CRON[32097]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 04:39:01 ubuntu CRON[32097]: pam_unix(cron:session): session
closed for user root
Jul  6 05:09:01 ubuntu CRON[32161]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 05:09:01 ubuntu CRON[32161]: pam_unix(cron:session): session
closed for user root
Jul  6 05:17:01 ubuntu CRON[32184]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 05:17:01 ubuntu CRON[32184]: pam_unix(cron:session): session
closed for user root
Jul  6 05:39:01 ubuntu CRON[32228]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 05:39:01 ubuntu CRON[32228]: pam_unix(cron:session): session
closed for user root
Jul  6 06:09:02 ubuntu CRON[32293]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 06:09:02 ubuntu CRON[32293]: pam_unix(cron:session): session
closed for user root
Jul  6 06:17:01 ubuntu CRON[32316]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 06:17:01 ubuntu CRON[32316]: pam_unix(cron:session): session
closed for user root
Jul  6 06:25:01 ubuntu CRON[32334]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 06:39:02 ubuntu CRON[32486]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 06:39:02 ubuntu CRON[32486]: pam_unix(cron:session): session
closed for user root
Jul  6 06:46:33 ubuntu CRON[32334]: pam_unix(cron:session): session
closed for user root
Jul  6 07:09:02 ubuntu CRON[566]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 07:09:03 ubuntu CRON[566]: pam_unix(cron:session): session
closed for user root
Jul  6 07:17:01 ubuntu CRON[639]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 07:17:01 ubuntu CRON[639]: pam_unix(cron:session): session
closed for user root
Jul  6 07:39:01 ubuntu CRON[771]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 07:39:03 ubuntu CRON[771]: pam_unix(cron:session): session
closed for user root
Jul  6 08:09:01 ubuntu CRON[1059]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 08:09:02 ubuntu CRON[1059]: pam_unix(cron:session): session
closed for user root
Jul  6 08:17:02 ubuntu CRON[1243]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 08:17:02 ubuntu CRON[1243]: pam_unix(cron:session): session
closed for user root
Jul  6 08:39:02 ubuntu CRON[1319]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 08:39:03 ubuntu CRON[1319]: pam_unix(cron:session): session
closed for user root
Jul  6 09:09:02 ubuntu CRON[1608]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 09:09:03 ubuntu CRON[1608]: pam_unix(cron:session): session
closed for user root
Jul  6 09:17:01 ubuntu CRON[1630]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 09:17:01 ubuntu CRON[1630]: pam_unix(cron:session): session
closed for user root
Jul  6 09:39:02 ubuntu CRON[1870]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 09:39:03 ubuntu CRON[1870]: pam_unix(cron:session): session
closed for user root
Jul  6 10:09:01 ubuntu CRON[2084]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 10:09:03 ubuntu CRON[2084]: pam_unix(cron:session): session
closed for user root
Jul  6 10:17:01 ubuntu CRON[2106]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 10:17:01 ubuntu CRON[2106]: pam_unix(cron:session): session
closed for user root
Jul  6 10:39:02 ubuntu CRON[2392]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 10:39:03 ubuntu CRON[2392]: pam_unix(cron:session): session
closed for user root
Jul  6 11:09:01 ubuntu CRON[2637]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 11:09:02 ubuntu CRON[2637]: pam_unix(cron:session): session
closed for user root
Jul  6 11:17:01 ubuntu CRON[2659]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 11:17:01 ubuntu CRON[2659]: pam_unix(cron:session): session
closed for user root
Jul  6 11:39:01 ubuntu CRON[2854]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 11:39:02 ubuntu CRON[2854]: pam_unix(cron:session): session
closed for user root
Jul  6 12:09:01 ubuntu CRON[3113]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 12:09:02 ubuntu CRON[3113]: pam_unix(cron:session): session
closed for user root
Jul  6 12:17:01 ubuntu CRON[3136]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 12:17:02 ubuntu CRON[3136]: pam_unix(cron:session): session
closed for user root
Jul  6 12:39:01 ubuntu CRON[3181]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 12:39:01 ubuntu CRON[3181]: pam_unix(cron:session): session
closed for user root
Jul  6 13:09:01 ubuntu CRON[3380]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 13:09:02 ubuntu CRON[3380]: pam_unix(cron:session): session
closed for user root
Jul  6 13:17:01 ubuntu CRON[3402]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 13:17:01 ubuntu CRON[3402]: pam_unix(cron:session): session
closed for user root
Jul  6 13:39:01 ubuntu CRON[3612]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 13:39:02 ubuntu CRON[3612]: pam_unix(cron:session): session
closed for user root
Jul  6 14:09:01 ubuntu CRON[3676]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 14:09:02 ubuntu CRON[3676]: pam_unix(cron:session): session
closed for user root
Jul  6 14:17:01 ubuntu CRON[3699]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 14:17:01 ubuntu CRON[3699]: pam_unix(cron:session): session
closed for user root
Jul  6 14:39:01 ubuntu CRON[3894]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 14:39:02 ubuntu CRON[3894]: pam_unix(cron:session): session
closed for user root
Jul  6 15:09:01 ubuntu CRON[4048]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 15:09:02 ubuntu CRON[4048]: pam_unix(cron:session): session
closed for user root
Jul  6 15:17:01 ubuntu CRON[4070]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 15:17:01 ubuntu CRON[4070]: pam_unix(cron:session): session
closed for user root
Jul  6 15:39:01 ubuntu CRON[4161]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 15:39:01 ubuntu CRON[4161]: pam_unix(cron:session): session
closed for user root
Jul  6 16:09:02 ubuntu CRON[4314]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 16:09:03 ubuntu CRON[4314]: pam_unix(cron:session): session
closed for user root
Jul  6 16:17:01 ubuntu CRON[4516]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 16:17:01 ubuntu CRON[4516]: pam_unix(cron:session): session
closed for user root
Jul  6 16:39:01 ubuntu CRON[4561]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 16:39:02 ubuntu CRON[4561]: pam_unix(cron:session): session
closed for user root
Jul  6 16:55:01 ubuntu sshd[4718]: Did not receive identification
string from 221.181.1.155
Jul  6 17:09:02 ubuntu CRON[4791]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 17:09:03 ubuntu CRON[4791]: pam_unix(cron:session): session
closed for user root
Jul  6 17:17:02 ubuntu CRON[4994]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 17:17:02 ubuntu CRON[4994]: pam_unix(cron:session): session
closed for user root
Jul  6 17:39:02 ubuntu CRON[5100]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  6 17:39:03 ubuntu CRON[5100]: pam_unix(cron:session): session
closed for user root
Jul  6 17:44:21 ubuntu sshd[5281]: Did not receive identification
string from 221.181.1.155

[here the server locked up]



Jul  9 06:25:39 ubuntu sshd[579]: Server listening on 0.0.0.0 port 22.
Jul  9 06:25:39 ubuntu sshd[579]: Server listening on :: port 22.
Jul  9 06:26:51 ubuntu login[814]: pam_unix(login:auth): check pass;
user unknown
Jul  9 06:26:51 ubuntu login[814]: pam_unix(login:auth):
authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1
ruser= rhost=
Jul  9 06:26:51 ubuntu login[814]: pam_winbind(login:auth): getting
password (0x00000388)
Jul  9 06:26:51 ubuntu login[814]: pam_winbind(login:auth):
pam_get_item returned a password
Jul  9 06:26:54 ubuntu login[814]: FAILED LOGIN (1) on '/dev/tty1' FOR
'UNKNOWN', Authentication failure
Jul  9 06:27:04 ubuntu login[814]: pam_unix(login:auth): check pass;
user unknown
Jul  9 06:27:04 ubuntu login[814]: pam_unix(login:auth):
authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty1
ruser= rhost=
Jul  9 06:27:04 ubuntu login[814]: pam_winbind(login:auth): getting
password (0x00000388)
Jul  9 06:27:04 ubuntu login[814]: pam_winbind(login:auth):
pam_get_item returned a password
Jul  9 06:27:06 ubuntu login[814]: FAILED LOGIN (2) on '/dev/tty1' FOR
'UNKNOWN', Authentication failure
Jul  9 06:39:01 ubuntu CRON[925]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  9 06:39:01 ubuntu CRON[925]: pam_unix(cron:session): session
closed for user root
Jul  9 06:50:50 ubuntu sshd[1089]: Accepted password for ******** from
192.168.1.2 port 1123 ssh2
Jul  9 06:50:50 ubuntu sshd[1089]: pam_unix(sshd:session): session
opened for user ********* by (uid=0)
Jul  9 07:02:20 ubuntu sudo: alessioc : TTY=pts/0 ; PWD=/var/log ;
USER=root ; COMMAND=/bin/gunzip auth.log.2.gz
Jul  9 07:09:01 ubuntu CRON[1532]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jul  9 07:09:01 ubuntu CRON[1532]: pam_unix(cron:session): session
closed for user root




now if they keep on busting my balls I'll probably just set my
home IP (as Piccardi had suggested) as the only one allowed to
connect via ssh, and that should cut their balls off..

but I'd like to understand whether they have already compromised something
(I have also masked the name I log in with, for obvious security
reasons... test is obviously the password and test is the user :D)

the fact that these guano-heads are hanging my server makes me
gloomy... unfortunately I have had NO time at all
these past weeks and I only noticed now, damn it..

but why does cron have to say when it starts and when it finishes
in auth.log? does it do that because ubuntu / debian asks it to?
sorry for my ignorance!

(and why the fuck do I have winbind? who wants it? ubuntu???)


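One way to triage auth.log excerpts like the ones in this message: rejoin the mail-wrapped records, count failed SSH passwords per source, list accepted logins, and flag any accepted login from an address that also failed. This is an added example, not part of the original post; the sample lines, addresses and user names are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, hard-wrapped the way the mailer wrapped the excerpts
# above. Addresses and user names are invented (documentation ranges).
SAMPLE = """\
ser root by (uid=0)
Jun 26 03:31:56 ubuntu sshd[10004]: Failed password for root from
203.0.113.7 port 47471 ssh2
Jun 26 03:32:20 ubuntu sshd[10019]: Failed password for invalid user
oracle from 203.0.113.7 port 54292 ssh2
Jun 26 03:32:27 ubuntu sshd[10023]: Failed password for invalid user
test from 203.0.113.7 port 56273 ssh2
Jun 26 03:39:01 ubuntu CRON[10041]: pam_unix(cron:session): session
opened for user root by (uid=0)
Jun 26 03:39:01 ubuntu CRON[10041]: pam_unix(cron:session): session
closed for user root
Jul  6 16:55:01 ubuntu sshd[4718]: Did not receive identification
string from 198.51.100.9
Jul  9 06:50:50 ubuntu sshd[1089]: Accepted password for alice from
192.168.1.2 port 1123 ssh2
Jul  9 08:00:00 ubuntu sshd[2001]: Accepted password for test from
203.0.113.7 port 40000 ssh2
"""

TS = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Greedy user group + end anchor: the source address is always the last
# "from <addr> port <n> ssh2", even if a user name itself contains " from ".
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(.*) from (\S+) port \d+ ssh2$")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\S+) for (.*) from (\S+) port \d+ ssh2$")
PROBE = re.compile(r"sshd\[\d+\]: Did not receive identification string from (\S+)$")
CRON_OPEN = re.compile(r"CRON\[\d+\]: pam_unix\(cron:session\): session opened for user \S+")

def unwrap(raw_lines):
    """Rejoin hard-wrapped syslog records; drop fragments with no start."""
    records = []
    for line in raw_lines:
        line = line.strip()
        if not line:
            continue
        if TS.match(line):
            records.append(line)      # a new record starts with a timestamp
        elif records:
            records[-1] += " " + line  # continuation of the previous record
    return records

def triage(raw_lines):
    """Summarise sshd failures, banner-less probes and accepted logins."""
    failed = defaultdict(lambda: {"count": 0, "users": set()})
    probes = defaultdict(int)
    accepted, cron_jobs = [], 0
    for rec in unwrap(raw_lines):
        f, a, p = FAILED.search(rec), ACCEPTED.search(rec), PROBE.search(rec)
        if f:
            failed[f.group(2)]["count"] += 1
            failed[f.group(2)]["users"].add(f.group(1))
        elif a:
            accepted.append((a.group(2), a.group(3), a.group(1)))
        elif p:
            probes[p.group(1)] += 1
        elif CRON_OPEN.search(rec):
            cron_jobs += 1  # a scheduled job starting, not a remote login
    return {
        "failed": {ip: (v["count"], sorted(v["users"])) for ip, v in failed.items()},
        "probes": dict(probes),
        "accepted": accepted,
        # Successful logins from an address that also failed: review first.
        "accepted_from_failing_source": [(u, ip) for u, ip, _ in accepted if ip in failed],
        "cron_jobs": cron_jobs,
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE.splitlines()).items():
        print(key, value)
```

An empty `accepted_from_failing_source` list only covers the log lines that were read; it says nothing about entries that were rotated away or never written.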