Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894
2007-Oct-25 15:51 UTC
[CentOS] FW: Logwatch for XXXXXXX.kd4efm.org (Linux)
Found an error or two from my logwatch report from yesterday,
thought I would share this in hopes this is just first time
run of the problem I noticed in the Kernel report section...

Also not sure why there's an issue with automount either....
but I guess I could ask on that issue as well.

I am not worried about the NAMED error, this is something that
happens due to one of the services that is installed on the box,
as it is HAM RADIO related only.

Any feedback? I will be looking for it...

some items will be X'ed for protection reasons.

EFM

-----Original Message-----
From: logwatch at XXXXXX
Sent: Thursday, October 25, 2007 4:02 AM
To: root at XXXXXXXXX
Subject: Logwatch for XXXXXXX.org (Linux)

################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Thu Oct 25 04:02:02 2007
Date Range Processed: yesterday
( 2007-Oct-24 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: XXXXXXXXXXXX.kd4efm.org
##################################################################

--------------------- Selinux Audit Begin ------------------------

Number of audit daemon stops: 1

**Unmatched Entries**
audit(1193230471.737:2): selinux=0 auid=4294967295

---------------------- Selinux Audit End -------------------------

--------------------- Automount Begin ------------------------

**Unmatched Entries**
lookup_read_master: lookup(nisplus): couldn't locat nis+ table auto.master: 1 Time(s)

---------------------- Automount End -------------------------

--------------------- Kernel Begin ------------------------

WARNING: Kernel Errors Present
   end_request: I/O error, dev fd0, sector ...: 2 Time(s)

---------------------- Kernel End -------------------------

--------------------- Named Begin ------------------------

**Unmatched Entries**
found 2 CPUs, using 2 worker threads: 1 Time(s)

---------------------- Named End -------------------------

--------------------- SSHD Begin ------------------------

SSHD Killed: 1 Time(s)

SSHD Started: 1 Time(s)

Users logging in through sshd:
   root:
      XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: 3 times

**Unmatched Entries**
Exiting on signal 15 : 1 time(s)

---------------------- SSHD End -------------------------

--------------------- XNTPD Begin ------------------------

XNTPD Killed: 2 Time(s)

XNTPD Started: 2 Time(s)

Time Reset 2 times (total: -0.474561 s average: -0.237281 s)

Total interfaces 8 (non-local: 4)

Total synchronizations 11 (hosts: 5)

---------------------- XNTPD End -------------------------

--------------------- yum Begin ------------------------

Packages Installed:
   kmod-gfs-xen.i686 0.1.16-5.2.6.18_8.1.14.el5
   kmod-gnbd.i686 0.1.3-4.2.6.18_8.1.14.el5
   kernel.i686 2.6.18-8.1.15.el5
   kernel-xen.i686 2.6.18-8.1.15.el5
   kmod-gfs.i686 0.1.16-5.2.6.18_8.1.14.el5
   kernel-devel.i686 2.6.18-8.1.15.el5
   kmod-gnbd-xen.i686 0.1.3-4.2.6.18_8.1.14.el5

Packages Updated:
   opal.i386 2.2.2-1.1.0.1
   kernel-headers.i386 2.6.18-8.1.15.el5
   libsane-hpaio.i386 1.6.7-4.1.el5.3
   openssl.i686 0.9.8b-8.3.el5_0.2
   kdebase-devel.i386 6:3.5.4-15.el5.centos
   kdelibs.i386 6:3.5.4-13.el5.centos
   kdelibs-devel.i386 6:3.5.4-13.el5.centos
   nfs-utils-lib.i386 1.0.8-7.2.z2
   xen.i386 3.0.3-25.0.4.el5
   xen-libs.i386 3.0.3-25.0.4.el5
   kdebase.i386 6:3.5.4-15.el5.centos
   tzdata.noarch 2007h-1.el5
   pwlib.i386 1.10.1-7.0.1.el5
   openssl-devel.i386 0.9.8b-8.3.el5_0.2
   elinks.i386 0.11.1-5.1.0.1.el5
   hpijs.i386 1:1.6.7-4.1.el5.3
   firefox.i386 1.5.0.12-6.el5.centos

---------------------- yum End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem                        Size  Used  Avail  Use%  Mounted on
/dev/mapper/VolGroup00-LogVol00    71G  5.7G    61G    9%  /
/dev/hda1                          99M   42M    53M   45%  /boot

---------------------- Disk Space End -------------------------

###################### Logwatch End #########################
Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 wrote in their message (sent Thursday, 25 October 2007 18:51):
> Found an error or two from my logwatch report from yesterday,
> thought I would share this in hopes this is just first time
> run of the problem I noticed in the Kernel report section...
>
> Also not sure why there's an issue with automount either....
> but I guess I could ask on that issue as well.
>
> I am not worried about the NAMED error, this is something that
> happens due to one of the services that is installed on the box,
> as it is HAM RADIO related only.
>
> Any feedback? I will be looking for it...
>
> some items will be X'ed for protection reasons.
>
> EFM
>
> -----Original Message-----
> From: logwatch at XXXXXX
> Sent: Thursday, October 25, 2007 4:02 AM
> To: root at XXXXXXXXX
> Subject: Logwatch for XXXXXXX.org (Linux)
>
> ################### Logwatch 7.3 (03/24/06) ####################
> Processing Initiated: Thu Oct 25 04:02:02 2007
> Date Range Processed: yesterday
> ( 2007-Oct-24 )
> Period is day.
> Detail Level of Output: 0
> Type of Output: unformatted
> Logfiles for Host: XXXXXXXXXXXX.kd4efm.org
> ##################################################################
>
> --------------------- Selinux Audit Begin ------------------------
>
> Number of audit daemon stops: 1
>
> **Unmatched Entries**
> audit(1193230471.737:2): selinux=0 auid=4294967295
>
> ---------------------- Selinux Audit End -------------------------
>
> --------------------- Automount Begin ------------------------
>
> **Unmatched Entries**
> lookup_read_master: lookup(nisplus): couldn't locat nis+ table
> auto.master: 1 Time(s)
>
> ---------------------- Automount End -------------------------
>
> --------------------- Kernel Begin ------------------------
>
> WARNING: Kernel Errors Present
> end_request: I/O error, dev fd0, sector ...: 2 Time(s)
>
> ---------------------- Kernel End -------------------------

I get quite similar error with my cdplayer/burner, but found nothing dramatic when looked? kernel is latest vanilla.

You are lucky when getting so small logwatch report.... Mine is:

################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Fri Oct 26 04:02:03 2007
Date Range Processed: yesterday
( 2007-Oct-25 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: oh1mrr.ampr.org
##################################################################

--------------------- httpd Begin ------------------------

Requests with error response codes
   400 Bad Request
      /w00tw00t.at.ISC.SANS.DFind:): 1 Time(s)
   404 Not Found
      /lamentable-amidships.gif: 3 Time(s)
      /phpmyadmin/index.php: 1 Time(s)
      /tiny_mce/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/cmsimple/editor_plugin.js: 1 Time(s)
      /tiny_mce/plugins/emotions/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/insertdatetime/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/paste/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/preview/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/print/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/save/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/searchreplace/langs/fi.js: 1 Time(s)
      /tiny_mce/plugins/table/langs/fi.js: 1 Time(s)
      /tiny_mce/themes/advanced/images/{$lang_bold_img}: 1 Time(s)
      /tiny_mce/themes/advanced/images/{$lang_italic_img}: 1 Time(s)
      /tiny_mce/themes/advanced/images/{$lang_underline_img}: 1 Time(s)
      /tiny_mce/themes/advanced/langs/fi.js: 1 Time(s)
      http://218.10.111.119/lbc.php: 14 Time(s)
      http://mail2.663.com.cn/include/prx.php?p= ...
DF91E9AD57733E3: 15 Time(s)

---------------------- httpd End -------------------------

--------------------- iptables firewall Begin ------------------------

Logged 948 packets on interface eth1

---------------------- iptables firewall End -------------------------

--------------------- pam_unix Begin ------------------------

sshd:
   Authentication Failures:
      unknown (212.102.0.124): 7 Time(s)
      root (200.21.94.116): 3 Time(s)
      root (212.102.0.124): 2 Time(s)
      root (218.85.133.13): 2 Time(s)
   Invalid Users:
      Unknown Account: 7 Time(s)

---------------------- pam_unix End -------------------------

--------------------- SSHD Begin ------------------------

Failed logins from:
   200.21.94.116: 3 times
   212.102.0.124 (shabnet0-124.shabakah.net): 2 times
   218.85.133.13: 2 times

Illegal users from:
   212.102.0.124 (shabnet0-124.shabakah.net): 7 times

Received disconnect:
   11: Bye Bye : 13 Time(s)

Refused incoming connections:
   ::ffff:212.102.0.124 (::ffff:212.102.0.124): 1 Time(s)

**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user admin : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user stephanie : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user william : 1 time(s)
reverse mapping checking getaddrinfo for shabnet0-124.shabakah.net failed - POSSIBLE BREAK-IN ATTEMPT!
: 9 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aaron : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user gt05 : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user trash : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user stud : 1 time(s)

---------------------- SSHD End -------------------------

--------------------- XNTPD Begin ------------------------

Time Reset 9 times (total: 44.691858 s average: 4.965762 s)

Total synchronizations 184 (hosts: 3)

---------------------- XNTPD End -------------------------

--------------------- yum Begin ------------------------

Packages Installed:
   kernel.i686 2.6.18-8.1.15.el5

Packages Updated:
   xfsprogs-devel.i386 2.9.4-1.el5.centos
   openssl.i686 0.9.8b-8.3.el5_0.2
   xfsdump.i386 2.2.46-1.el5.centos
   lirc.i386 0.8.1-1.el5.af
   kernel-headers.i386 2.6.18-8.1.15.el5
   xfsprogs.i386 2.9.4-1.el5.centos

---------------------- yum End -------------------------

--------------------- Disk Space Begin ------------------------

Filesystem   Size  Used  Avail  Use%  Mounted on
/dev/hda5     36G  8.1G    26G   24%  /
/dev/hdb1     37G  3.3G    32G   10%  /home
/dev/hdc1    150G   33G   117G   22%  /mrr

---------------------- Disk Space End -------------------------
Ugo Bellavance
2007-Oct-26 16:00 UTC
[CentOS] Re: FW: Logwatch for XXXXXXX.kd4efm.org (Linux)
Evans F. Mitchell KD4EFM / AFA2TH / WQFK-894 wrote:
> Found an error or two from my logwatch report from yesterday,
> thought I would share this in hopes this is just first time
> run of the problem I noticed in the Kernel report section...
>
> Also not sure why there's an issue with automount either....
> but I guess I could ask on that issue as well.
>
> I am not worried about the NAMED error, this is something that
> happens due to one of the services that is installed on the box,
> as it is HAM RADIO related only.
>
> Any feedback? I will be looking for it...
>
> some items will be X'ed for protection reasons.

> WARNING: Kernel Errors Present
> end_request: I/O error, dev fd0, sector ...: 2 Time(s)

You tried to read or write to a floppy and it kind of failed...