9:20 a.m.
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Mon Sep 5 03:20:04 2011
Date Range Processed: yesterday
( 2011-Sep-04 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: linode01.ovirt.org
##################################################################
--------------------- pam_unix Begin ------------------------
sshd:
Authentication Failures:
root (218.86.120.182): 1250 Time(s)
unknown (218.86.120.182): 1 Time(s)
Invalid Users:
Unknown Account: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
24.496K Bytes accepted 25,084
62.269K Bytes delivered 63,763
======== ================================================
7 Accepted 87.50%
1 Rejected 12.50%
-------- ------------------------------------------------
8 Total 100.00%
======== ================================================
1 Reject unknown user 100.00%
-------- ------------------------------------------------
1 Total Rejects 100.00%
======== ================================================
7 Connections made
7 Disconnections
7 Removed from queue
3 Delivered
14 Sent via SMTP
---------------------- Postfix End -------------------------
--------------------- SSHD Begin ------------------------
Failed logins from:
218.86.120.182 (182.120.86.218.other.sm.fj.dynamic.163data.com.cn): 1250 times
Illegal users from:
218.86.120.182 (182.120.86.218.other.sm.fj.dynamic.163data.com.cn): 1 time
Received disconnect:
11: Bye Bye : 1251 Time(s)
**Unmatched Entries**
reverse mapping checking getaddrinfo for
182.120.86.218.other.sm.fj.dynamic.163data.com.cn [218.86.120.182] failed - POSSIBLE
BREAK-IN ATTEMPT! : 1251 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/xvda 9.9G 928M 8.8G 10% /
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
2:02 a.m.
--X8oaj2qX3NXXvcHN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Sep 05, 2011 at 03:20:04AM -0400, logwatch(a)linode01.ovirt.org wrote:
I think these sshd attacks are going to continue to grow, especially
after we're not just a nameless IP address being scanned but an actual
mail host.
In the past what I've done is have sshd listen on a different port,
then drop 22 at the firewall (with the other port open.) Seems to work
to reduce the logging noise and machine time to keep saying "no"
thousands of times a day.
Requires sysadmin team to remember to use the not-normal port number
(-P in 'ssh' and -p in 'scp'), which may mess with scripts and
such. Something to consider if we want to do git+ssh on this or any
host.
Just some things to think about as we watch the log traffic ...
- Karsten
--=20
name: Karsten 'quaid' Wade, Sr. Community Gardener
team: Red Hat Community Architecture & Leadership
uri: http://communityleadershipteam.org
http://TheOpenSourceWay.org
gpg: AD0E0C41
--X8oaj2qX3NXXvcHN
Content-Type: application/pgp-signature
Content-Disposition: inline
--X8oaj2qX3NXXvcHN--
5025
days inactive
5027
days old
1 comments
2 participants
participants (2)
-
Karsten Wade -
logwatch@lists.ovirt.org