[CentOS] FW: Logwatch for XXXXXXX.kd4efm.org (Linux)

Fri Oct 26 05:53:26 UTC 2007
jarmo <oh1mrr at nic.fi>

Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 wrote in his message 
(sent Thursday, 25 October 2007 18:51):
> Found an error or two from my logwatch report from yesterday,
> thought I would share this in hopes this is just first time
> run of the problem I noticed in the Kernel report section...
>
> Also not sure why there's an issue with automount either....
> but I guess I could ask on that issue as well.
>
> I am not worried about the NAMED error, this is something that
> happens due to one of the services that is installed on the box,
> as it is HAM RADIO related only.
>
> Any feedback? I will be looking for it...
>
> some items will be X'ed for protection reasons.
>
> EFM
>
> -----Original Message-----
> From: logwatch at XXXXXX
> Sent: Thursday, October 25, 2007 4:02 AM
> To: root at XXXXXXXXX
> Subject: Logwatch for XXXXXXX.org (Linux)
>
>
>  ################### Logwatch 7.3 (03/24/06) ####################
>         Processing Initiated: Thu Oct 25 04:02:02 2007
>         Date Range Processed: yesterday
>                               ( 2007-Oct-24 )
>                               Period is day.
>       Detail Level of Output: 0
>               Type of Output: unformatted
>            Logfiles for Host: XXXXXXXXXXXX.kd4efm.org
>   ##################################################################
>
>  --------------------- Selinux Audit Begin ------------------------
>
>   Number of audit daemon stops: 1
>
>  **Unmatched Entries**
>   audit(1193230471.737:2): selinux=0 auid=4294967295
>
>  ---------------------- Selinux Audit End -------------------------
>
>
>  --------------------- Automount Begin ------------------------
>
>
>  **Unmatched Entries**
>  lookup_read_master: lookup(nisplus): couldn't locat nis+ table auto.master: 1 Time(s)
>
>  ---------------------- Automount End -------------------------
>
>
>  --------------------- Kernel Begin ------------------------
>
>
>  WARNING:  Kernel Errors Present
>     end_request: I/O error, dev fd0, sector ...:  2 Time(s)
>
>  ---------------------- Kernel End -------------------------

I get quite a similar error with my CD player/burner, but found nothing
dramatic when I looked? Kernel is the latest vanilla.
You are lucky to get such a small logwatch report....

Mine is:
 ################### Logwatch 7.3 (03/24/06) #################### 
        Processing Initiated: Fri Oct 26 04:02:03 2007
        Date Range Processed: yesterday
                              ( 2007-Oct-25 )
                              Period is day.
      Detail Level of Output: 0
              Type of Output: unformatted
           Logfiles for Host: oh1mrr.ampr.org
  ################################################################## 
 
 --------------------- httpd Begin ------------------------ 

 Requests with error response codes
    400 Bad Request
       /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
    404 Not Found
       /lamentable-amidships.gif: 3 Time(s)
       /phpmyadmin/index.php: 1 Time(s)
       /tiny_mce/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/cmsimple/editor_plugin.js: 1 Time(s)
       /tiny_mce/plugins/emotions/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/insertdatetime/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/paste/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/preview/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/print/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/save/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/searchreplace/langs/fi.js: 1 Time(s)
       /tiny_mce/plugins/table/langs/fi.js: 1 Time(s)
       /tiny_mce/themes/advanced/images/{$lang_bold_img}: 1 Time(s)
       /tiny_mce/themes/advanced/images/{$lang_italic_img}: 1 Time(s)
       /tiny_mce/themes/advanced/images/{$lang_underline_img}: 1 Time(s)
       /tiny_mce/themes/advanced/langs/fi.js: 1 Time(s)
       http://218.10.111.119/lbc.php: 14 Time(s)
       http://mail2.663.com.cn/include/prx.php?p= ... DF91E9AD57733E3: 15 Time(s)
 
 ---------------------- httpd End ------------------------- 

 
 --------------------- iptables firewall Begin ------------------------ 

 
 Logged 948 packets on interface eth1
 
 ---------------------- iptables firewall End ------------------------- 

 
 --------------------- pam_unix Begin ------------------------ 

 sshd:
    Authentication Failures:
       unknown (212.102.0.124): 7 Time(s)
       root (200.21.94.116): 3 Time(s)
       root (212.102.0.124): 2 Time(s)
       root (218.85.133.13): 2 Time(s)
    Invalid Users:
       Unknown Account: 7 Time(s)
 
 
 ---------------------- pam_unix End ------------------------- 

 
 --------------------- SSHD Begin ------------------------ 

 
 Failed logins from:
    200.21.94.116: 3 times
    212.102.0.124 (shabnet0-124.shabakah.net): 2 times
    218.85.133.13: 2 times
 
 Illegal users from:
    212.102.0.124 (shabnet0-124.shabakah.net): 7 times
 
 
 Received disconnect:
    11: Bye Bye : 13 Time(s)
 
 Refused incoming connections:
       ::ffff:212.102.0.124 (::ffff:212.102.0.124): 1 Time(s)
 
 **Unmatched Entries**
 pam_succeed_if(sshd:auth): error retrieving information about user admin : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user stephanie : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user william : 1 time(s)
 reverse mapping checking getaddrinfo for shabnet0-124.shabakah.net failed - POSSIBLE BREAK-IN ATTEMPT! : 9 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user aaron : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user gt05 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user trash : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user stud : 1 time(s)
 
 ---------------------- SSHD End ------------------------- 

 
 --------------------- XNTPD Begin ------------------------ 

 
 Time Reset 9 times (total: 44.691858 s  average: 4.965762 s)
 
 Total synchronizations 184 (hosts: 3)
 
 ---------------------- XNTPD End ------------------------- 

 
 --------------------- yum Begin ------------------------ 

 
 Packages Installed:
    kernel.i686 2.6.18-8.1.15.el5
 
 Packages Updated:
    xfsprogs-devel.i386 2.9.4-1.el5.centos
    openssl.i686 0.9.8b-8.3.el5_0.2
    xfsdump.i386 2.2.46-1.el5.centos
    lirc.i386 0.8.1-1.el5.af
    kernel-headers.i386 2.6.18-8.1.15.el5
    xfsprogs.i386 2.9.4-1.el5.centos
 
 ---------------------- yum End ------------------------- 

 
 --------------------- Disk Space Begin ------------------------ 

 Filesystem            Size  Used Avail Use% Mounted on
 /dev/hda5              36G  8.1G   26G  24% /
 /dev/hdb1              37G  3.3G   32G  10% /home
 /dev/hdc1             150G   33G  117G  22% /mrr
 
 
 ---------------------- Disk Space End -------------------------