Security from hackers

ednunnemaker

New Member
Joined
Oct 31, 2007
Messages
118
Reaction score
0
I'm fairly new to the networking world so I'm not sure what I'm looking at here. Should I be concerned about this?:



################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Thu Nov 29 04:02:03 2007
Date Range Processed: yesterday
( 2007-Nov-28 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: pbx.local
##################################################################

--------------------- Selinux Audit Begin ------------------------

Number of audit daemon stops: 1

**Unmatched Entries**
audit(1196219664.719:2): selinux=0 auid=4294967295

---------------------- Selinux Audit End -------------------------


--------------------- Automount Begin ------------------------


**Unmatched Entries**
lookup_read_master: lookup(nisplus): couldn't locat nis+ table auto.master: 1 Time(s)

---------------------- Automount End -------------------------


--------------------- httpd Begin ------------------------


Requests with error response codes
401 Unauthorized
/admin/config.php: 2 Time(s)
/maint/configedit/phpconfig.php: 2 Time(s)
404 Not Found
/admin/cdr/images/clear.gif: 1 Time(s)
/css/print.css: 1 Time(s)
/favicon.ico: 22 Time(s)
/panel/background.jpg: 1 Time(s)

---------------------- httpd End -------------------------


--------------------- pam_unix Begin ------------------------

sshd:
Authentication Failures:
root (65.254.57.242): 112 Time(s)
unknown (65.254.57.242): 54 Time(s)
root (60.209.221.237): 53 Time(s)
mysql (65.254.57.242): 2 Time(s)
Invalid Users:
Unknown Account: 54 Time(s)

su-l:
Unknown Entries:
session closed for user asterisk: 2 Time(s)
session opened for user asterisk by (uid=0): 1 Time(s)
session opened for user asterisk by root(uid=0): 1 Time(s)


---------------------- pam_unix End -------------------------


--------------------- Connections (secure-log) Begin ------------------------


**Unmatched Entries**
webmin[2892]: Webmin starting
webmin[5770]: Successful login as root from 192.168.0.182
webmin[5845]: Logout by root from 192.168.0.182
webmin[6542]: Successful login as root from 192.168.0.182

---------------------- Connections (secure-log) End -------------------------


--------------------- SSHD Begin ------------------------


SSHD Killed: 1 Time(s)

SSHD Started: 2 Time(s)

Failed logins from:
60.209.221.237: 53 times
65.254.57.242 (artn-group.com): 112 times

Illegal users from:
65.254.57.242 (artn-group.com): 56 times


Received disconnect:
11: Bye Bye : 220 Time(s)

**Unmatched Entries**
User mysql from 65.254.57.242 not allowed because not listed in AllowUsers : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user raul : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user jb : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user print : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user test : 8 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user mana : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user admin : 12 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user oracle : 10 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user anda : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user cvsuser1 : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user postgres : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user setup : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user cvsuser : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user1 : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user vicky : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user gnax : 3 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user mythtv : 4 time(s)
reverse mapping checking getaddrinfo for artn-group.com failed - POSSIBLE BREAK-IN ATTEMPT! : 168 time(s)

---------------------- SSHD End -------------------------


--------------------- XNTPD Begin ------------------------


XNTPD Killed: 1 Time(s)

XNTPD Started: 1 Time(s)

Total interfaces 6 (non-local: 2)

Total synchronizations 3 (hosts: 2)

---------------------- XNTPD End -------------------------


--------------------- Disk Space Begin ------------------------

Filesystem Size Used Avail Use% Mounted on
/dev/mapper/VolGroup00-LogVol00
144G 1.8G 135G 2% /
/dev/sda1 99M 11M 83M 12% /boot


---------------------- Disk Space End -------------------------


###################### Logwatch End #########################
 

Titanous

New Member
Joined
Oct 18, 2007
Messages
164
Reaction score
0
It looks like someone has been trying to brute force your SSH. Do you have port 22 forwarded to your PBX? I would suggest using an alternate port. Look around the forum for details.
 

ednunnemaker

New Member
Joined
Oct 31, 2007
Messages
118
Reaction score
0
Open Ports

The only ports I have open on my router are 5000-5082 UDP, 10000-20000 UDP, 80 TCP and 9001 for Webmin.
 

darmock

PIAF Developer
Joined
Oct 18, 2007
Messages
2,892
Reaction score
98
You might try Fail2ban

http://www.fail2ban.org

This looks for hack attempts and bans IP addresses. I just read about this in issue 84 of Linux Pro Magazine and have just started to play with it.... Looks good on the surface. Might be worth a script when I get some time.

Have a peek.

Tom
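
The counting idea behind the suggestion above, applied to the pam_unix section of the Logwatch report in the first post. This is an added example, not part of the thread and not Fail2ban's own code: Fail2ban watches the live auth log, while this sketch only totals the daily summary per source IP. The function names and the `max_failures` threshold are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Excerpt of the pam_unix section from the Logwatch report posted above.
REPORT = """\
sshd:
Authentication Failures:
root (65.254.57.242): 112 Time(s)
unknown (65.254.57.242): 54 Time(s)
root (60.209.221.237): 53 Time(s)
mysql (65.254.57.242): 2 Time(s)
Invalid Users:
Unknown Account: 54 Time(s)
"""

# Matches "<user> (<ipv4>): <n> Time(s)"
FAILURE = re.compile(r"^\s*(\S+) \((\d{1,3}(?:\.\d{1,3}){3})\): (\d+) Time\(s\)\s*$")

def failures_by_source(report):
    """Return {ip: {"total": int, "users": {user: count}}} for the
    'Authentication Failures:' block of a Logwatch pam_unix section."""
    sources = defaultdict(lambda: {"total": 0, "users": {}})
    in_block = False
    for line in report.splitlines():
        stripped = line.strip()
        if stripped == "Authentication Failures:":
            in_block = True
            continue
        m = FAILURE.match(line) if in_block else None
        if m:
            user, ip, count = m.group(1), m.group(2), int(m.group(3))
            sources[ip]["total"] += count
            sources[ip]["users"][user] = sources[ip]["users"].get(user, 0) + count
        elif in_block and stripped:
            in_block = False  # the next sub-heading ends the block
    return dict(sources)

def over_threshold(sources, max_failures):
    """IPs whose daily failure total exceeds max_failures (hypothetical
    threshold chosen by the admin), worst offender first."""
    hits = [(ip, s["total"]) for ip, s in sources.items() if s["total"] > max_failures]
    return sorted(hits, key=lambda h: h[1], reverse=True)

if __name__ == "__main__":
    for ip, total in over_threshold(failures_by_source(REPORT), max_failures=10):
        print(f"{ip}: {total} failed SSH logins")
```

The per-IP total for 65.254.57.242 equals the 168 reverse-mapping warnings in the SSHD section, so both sections describe the same burst of attempts.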
 

wardmundy

Nerd Uno
Joined
Oct 12, 2007
Messages
19,168
Reaction score
5,199
Ed, if you're getting entries in your logs like that, then either your system is sitting directly on the Internet, you have a port forwarded for SSH, or the IP address of your server has been designated as a DMZ (open) address on your router. There's no way you'd be getting hits from outside IP addresses without one of these conditions being met. Check again.
 