[Sysadmin] LogWatch for tempest
root
root at tempest.evolt.org
Sun Apr 11 06:25:37 CDT 2010
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Sun Apr 11 06:25:17 2010
Date Range Processed: yesterday
Detail Level of Output: 10
Logfiles for Host: tempest
################################################################
--------------------- Cron Begin ------------------------
Commands Run:
User dmah:
/home/dmah/bin/article_reminder.pl: 1 Time(s)
/home/dmah/bin/comment_reminder.pl: 1 Time(s)
User mailman:
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/checkdbs: 1 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/disabled: 1 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/gate_news: 288 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/nightly_gzip: 1 Time(s)
/usr/bin/python -S /home/mailman/lists.evolt.org/cron/senddigests: 1 Time(s)
User neuro:
~neuro/beo/oldbeo/mkarchivesize >/dev/null 2>&1: 1 Time(s)
User root:
run-parts --report /etc/cron.hourly: 24 Time(s)
[ -d /var/lib/php4 ] && find /var/lib/php4/ -type f -cmin +$(/usr/lib/php4/maxlifetime) -print0 | xargs -r -0 rm: 48 Time(s)
/home/dmah/bin/qmail-kill.sh 1> /dev/null 2>&1: 144 Time(s)
/store/host/browsers.evolt.org/mkarchivesize: 1 Time(s)
/usr/bin/freshclam --quiet -l /var/log/clam-update.log: 1 Time(s)
/usr/sbin/ntpdate -su us.pool.ntp.org us.pool.ntp.org: 1 Time(s)
/var/qmail/bin/qmailstats 1>/dev/null 2>/dev/null: 1 Time(s)
if [ -x /usr/bin/vnstat ] && [ `ls /var/lib/vnstat/ | wc -l` -ge 1 ]; then /usr/bin/vnstat -u; fi: 288 Time(s)
test -x /usr/sbin/anacron || run-parts --report /etc/cron.daily: 1 Time(s)
test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt: 1 Time(s)
User www-data:
[ -x /usr/lib/cgi-bin/awstats.pl -a -f /etc/awstats/awstats.conf -a -r /var/log/apache/access.log ] && /usr/lib/cgi-bin/awstats.pl -config=awstats -update >/dev/null: 144 Time(s)
---------------------- Cron End -------------------------
--------------------- EXIM Begin ------------------------
--- Messages history ---
3 messages delivered immediately to 3 total recipients
---------------------- EXIM End -------------------------
--------------------- httpd Begin ------------------------
0.18 MB transfered in 669 responses (1xx 0, 2xx 0, 3xx 39, 4xx 630, 5xx 0)
19 Images (0.01 MB),
16 Documents (0.00 MB),
581 Content pages (0.15 MB),
53 Other (0.02 MB)
Attempts to use 1 known hacks were logged 296 time(s)
phpmyadmin by
220.173.235.58 6 time(s)
203.153.30.243 290 time(s)
A total of 2 sites probed the server
220.173.235.58
203.153.30.243
A total of 31 unidentified 'other' records logged
GET /node/19340\" class=http://www.cufflinksandpins.co.uk/mail.php HTTP/1.1 with response code(s) 1 400 responses
GET /matthewo HTTP/1.0 with response code(s) 1 404 responses
GET /node/60384\" class=http://idasy.com/c99.txt? HTTP/1.1 with response code(s) 3 400 responses
GET /djc/temp/CREDITS HTTP/1.1 with response code(s) 1 404 responses
GET /node/19340\" class=http://zyngafree.bplaced.net/pbot2.txt?? HTTP/1.1 with response code(s) 2 400 responses
GET /mantruc/blog HTTP/1.0 with response code(s) 1 404 responses
- with response code(s) 4 408 responses
GET /deadL0ck/(null) HTTP/1.1 with response code(s) 1 404 responses
GET /node/60384\" class=http://www.cufflinksandpins.co.uk/mail.php HTTP/1.1 with response code(s) 1 400 responses
GET /jesteruk HTTP/1.1 with response code(s) 1 404 responses
GET /mantruc/blog HTTP/1.1 with response code(s) 1 404 responses
GET /signup.cfm HTTP/1.1 with response code(s) 7 404 responses
GET /php-login-system-with-admin-features\" class=http://idasy.com/c99.txt? HTTP/1.1 with response code(s) 3 400 responses
GET /some url here HTTP/1.1 with response code(s) 1 400 responses
GET /nmk HTTP/1.1 with response code(s) 1 404 responses
GET /mwarden/weblog HTTP/1.1 with response code(s) 1 404 responses
GET /jeff/code/preload_n_rollover HTTP/1.1 with response code(s) 2 404 responses
GET /user/soapCaller.bs HTTP/1.1 with response code(s) 1 404 responses
GET /signup.cfm HTTP/1.0 with response code(s) 1 404 responses
GET HTTP/1.0 with response code(s) 1 400 responses
GET /php-login-system-with-admin-features\" class=http://zyngafree.bplaced.net/pbot2.txt?? HTTP/1.1 with response code(s) 3 400 responses
GET /jeff/code/dhtml_form_rollover/index.cfm HTTP/1.1 with response code(s) 1 404 responses
GET /node/60384\" class=http://www.cufflinksandpins.co.uk/mail.phphttp://www.cufflinksandpins.co.uk/mail.php HTTP/1.1 with response code(s) 1 400 responses
GET /node/60384 \".php?\"&sa=X&ei=32jAS-XHJ4KiOJfMgZcE&ved=0CIkCEB8wTw' HTTP/1.0 with response code(s) 1 400 responses
GET /w00tw00t.at.ISC.SANS.DFind:) HTTP/1.1 with response code(s) 2 400 responses
GET /w00tw00t.at.ISC.SANS.test0:) HTTP/1.1 with response code(s) 3 400 responses
GET /node/60384\" class= HTTP/1.1 with response code(s) 2 400 responses
GET /php-login-system-with-admin-features\" class= HTTP/1.1 with response code(s) 2 400 responses
GET /some url HTTP/1.1 with response code(s) 1 400 responses
GET /burhankhalid HTTP/1.0 with response code(s) 1 404 responses
GET /signup.cfm;\" HTTP/1.0 with response code(s) 1 404 responses
A total of 15 ROBOTS were logged
Mozilla/5.0 (compatible; Yahoo! Slurp; http://help.yahoo.com/help/us/ysearch/slurp) 2 time(s)
Yandex/1.01.001 (compatible; Win16; H) 4 time(s)
Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) 2 time(s)
Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.8.1) VoilaBot BETA 1.2 (support.voilabot at orange-ftgroup.com) 1 time(s)
ia_archiver-web.archive.org 1 time(s)
SAMSUNG-SGH-E250/1.0 Profile/MIDP-2.0 Configuration/CLDC-1.1 UP.Browser/6.2.3.3.c.1.101 (GUI) MMP/2.0 (compatible; Googlebot-Mobile/2.1; +http://www.google.com/bot.html) 1 time(s)
Mozilla/5.0 (compatible; DotBot/1.1; http://www.dotnetdotcom.org/, crawler at dotnetdotcom.org) 5 time(s)
Nokia6682/2.0 (3.01.1) SymbianOS/8.0 Series60/2.6 Profile/MIDP-2.0 configuration/CLDC-1.1 UP.Link/6.3.0.0.0 (compatible;YahooSeeker/M1A1-R2D2; http://help.yahoo.com/help/us/ysearch/crawling/crawling-01.html) 1 time(s)
Mozilla/5.0 (compatible; spbot/2.0.2; +http://www.seoprofiler.com/bot/ ) 3 time(s)
Mozilla/5.0 (compatible; 008/0.83; http://www.80legs.com/spider.html;) Gecko/2008032620 3 time(s)
msnbot/2.0b (+http://search.msn.com/msnbot.htm) 41 time(s)
Baiduspider+(+http://www.baidu.com/search/spider.htm) 1 time(s)
Mozilla/5.0 (Twiceler-0.9 http://www.cuil.com/twiceler/robot.html) 5 time(s)
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) Speedy Spider (http://www.entireweb.com/about/search_tech/speedy_spider/) 1 time(s)
betaBot 1 time(s)
---------------------- httpd End -------------------------
--------------------- Kernel Begin ------------------------
1 Time(s): device eth0 entered promiscuous mode
1 Time(s): device eth0 left promiscuous mode
---------------------- Kernel End -------------------------
--------------------- pam_unix Begin ------------------------
cron:
Sessions Opened:
root: 510 Time(s)
mailman: 292 Time(s)
www-data: 144 Time(s)
dmah: 2 Time(s)
neuro: 1 Time(s)
su:
Sessions Opened:
(uid=0) -> nobody: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- sendmail Begin ------------------------
ERROR: Could not open /etc/mail/local-host-names
ERROR: Could not open /etc/mail/access
Message Size Distribution:
Range # Msgs KBytes
0 - 10k 0 0
10k - 20k 0 0
20k - 50k 0 0
50k - 100k 0 0
100k - 500k 0 0
500k - 1Mb 0 0
1Mb - 2Mb 0 0
2Mb - 5Mb 0 0
5Mb - 10Mb 0 0
10Mb+ 0 0
----------------------------------
TOTAL 0 0
---------------------- sendmail End -------------------------
--------------------- SSHD Begin ------------------------
Didn't receive an ident from these IPs:
114.80.162.79: 5 Time(s)
61.132.90.43: 5 Time(s)
62.18.44.153: 5 Time(s)
Failed logins from these:
alias/password from 114.80.162.79: 5 Time(s)
office/password from 114.80.162.79: 5 Time(s)
recruit/password from 114.80.162.79: 5 Time(s)
root/password from 66.45.80.183: 167 Time(s)
sales/password from 114.80.162.79: 5 Time(s)
samba/password from 114.80.162.79: 5 Time(s)
tomcat/password from 114.80.162.79: 2 Time(s)
Illegal users from these:
alias/password from 114.80.162.79: 5 Time(s)
office/none from 114.80.162.79: 5 Time(s)
office/password from 114.80.162.79: 5 Time(s)
recruit/none from 114.80.162.79: 5 Time(s)
recruit/password from 114.80.162.79: 5 Time(s)
sales/none from 114.80.162.79: 5 Time(s)
sales/password from 114.80.162.79: 5 Time(s)
samba/none from 114.80.162.79: 5 Time(s)
samba/password from 114.80.162.79: 5 Time(s)
tomcat/none from 114.80.162.79: 2 Time(s)
tomcat/password from 114.80.162.79: 2 Time(s)
User login attempt failed because:
shell /sbin/nologin does not exist:
alias : 5 Time(s)
**Unmatched Entries**
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
error: Could not get shadow information for NOUSER
---------------------- SSHD End -------------------------
--------------------- Syslogd Begin ------------------------
Syslogd started 1 Time(s)
---------------------- Syslogd End -------------------------
--------------------- vpopmail Begin ------------------------
No Such User Found:
cbird@ - 1 Time(s)
---------------------- vpopmail End -------------------------
------------------ Disk Space --------------------
/dev/hda3 72G 56G 12G 83% /
/dev/hda1 92M 6.3M 81M 8% /boot
###################### LogWatch End #########################
More information about the Sysadmin
mailing list