similar to: CentOS6 - Break in attempt? What is the Exploit?

This morning's log review revealed this sshd log entry on one of our web services hosts: Received disconnect: 11: disconnected by user : 2 Time(s) 3: com.jcraft.jsch.JSchException: reject HostKey: 216.185.71.170 : 1 Time(s) The IP address used is that of a public facing database query page for our freight transit information. It is itself a virtual IP address hosted on the system

well. sounds like some automatic deploytment tool? error ip ip address or other configuration failure? http://stackoverflow.com/questions/6356212/ant-scp-task-failure -- Eero 2015-09-21 11:29 GMT+03:00 James B. Byrne <byrnejb at harte-lyne.ca>: > This morning's log review revealed this sshd log entry on one of our > web services hosts: > > Received disconnect: >

> > In other words, the > >hostkeys would be identical. I think what the error indicates is that a client tried to connect to SSH, and the host key there did not match the fingerprint in the client's "known_hosts" database. > >It seems to me that someone attempted an ssh connection while spoofing > >our internal address. Is such a thing even possible? If

Tonight I added fail2ban to one of my webservers to test it out. Here is my step by step, as best as I could figure it out...documentation a bit sketchy. feel free to add anything to it or suggest changes. I tried to set it up to deal with ssh, http authentication, dovecot, ftp, and postfix I could find no working example for centos 6 and there is no fail2ban book available to peruse. So,

On Sat, September 19, 2015 06:51, Tony Mountifield wrote: > In article > <d0000782c236fbee71045dad24a43def.squirrel at webmail.harte-lyne.ca>, James B. Byrne <byrnejb at harte-lyne.ca> wrote: >> After some experimenting I have observed that overriding settings from >> /usr/share/logwatch/default.conf/logwatch.conf in >> /etc/logwatch/conf/logwatch.conf does not

I am trying to get a logwatch summary emailed to a central address from a cron job. The tasd was copied verbatim from a system which does this already. Both are shown below. host1 crontab -l as root 45 7 * * * /usr/sbin/logwatch --service http --service imapd --service pop3 --service sshd --service vsftpd --service zz-disk_space --service zz-network --service zz-sys --mailto support at

> On 10 Mar 2015, at 14:30, James B. Byrne <byrnejb at harte-lyne.ca> wrote: > > > On Mon, March 9, 2015 13:11, John Plemons wrote: >> Been working on fail2ban, and trying to make it work with plain Jane >> install of Centos 7 >> >> Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB >> of disk space. Very generic and vanilla.

Folks Logwatch is doing its thing properly on my 32-bit servers, delivering the report by mail to my root account once a day sometime around 3:30am. On the 64-bit systems, no mail is occurring. From the "cron" log on a 64-bit system, there are lines like: cron-20110821:Aug 21 03:36:23 XXX run-parts(/etc/cron.daily)[9727]: finished 0logwatch (where "XXX" stands for the

After some experimenting I have observed that overriding settings from /usr/share/logwatch/default.conf/logwatch.conf in /etc/logwatch/conf/logwatch.conf does not produce consistent results. For example, if I replace the default detail configuration in etc/logwatch/conf/logwatch.conf with: Detail = High It does indeed change the level of detail from the default Low set in

I got the fail2ban from epel. There were a number of issues relating to using a log file... logwatch was looking for both fail2ban and fail2ban.log logrotate file fail2ban added looked for fail2ban.log and then reset itself to syslog fail2ban itself went to syslog, over riding its fail2ban.log. took a while, but I use /var/log/fail2ban now, that finally worked through logrotates and logwatch.

On Mon, March 9, 2015 13:11, John Plemons wrote: > Been working on fail2ban, and trying to make it work with plain Jane > install of Centos 7 > > Machine is a HP running 2 Quad core Xeons, 16 gig or ram and 1 plus TB > of disk space. Very generic and vanilla. > > Current available epel repo version is fail2ban-0.9.1 > > Looking at the log file, fail2ban starts and stops

On Mon, September 14, 2015 14:51, James B. Byrne wrote: > The Logwatch imapd service script distributed with CentOS-6 does not > generate anything when I run logwatch --service all on a cyrus-imapd > host. Is this expected behaviour? Is there a separate script for > cyrus-imapd or are their configuration options required to get the > existing script to work. > > I have found

On Mon, September 14, 2015 21:28, Always Learning wrote: > > On Mon, 2015-09-14 at 14:51 -0400, James B. Byrne wrote: > >> The Logwatch imapd service script distributed with CentOS-6 does not >> generate anything when I run logwatch --service all on a cyrus-imapd >> host. Is this expected behaviour? Is there a separate script for >> cyrus-imapd or are their

The Logwatch imapd service script distributed with CentOS-6 does not generate anything when I run logwatch --service all on a cyrus-imapd host. Is this expected behaviour? Is there a separate script for cyrus-imapd or are their configuration options required to get the existing script to work. I have found an ancient (2004) logwatch service script for cyrus-imapd but I was sort of hoping that

CentOS-6.6 Can logwatch be configured to display the system uptime as part of the reporting prologue? If not then what would be the recommended way of including this information in a daily logwatch report? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail James B. Byrne mailto:ByrneJB at Harte-Lyne.ca Harte & Lyne

Been working on my anti-spam centos mailserver for a while now and thought I would share fail2ban's help. I installed fail2ban a few weeks back. It was tough to get it working properly but pretty much working now. Although it works fine for brute force, I thought I would run it pretty tough against spammers. I started with a regular mail server, my old one, that is horrendously pounded

On Fri, December 26, 2014 12:59, Mike Burger wrote: > On 2014-12-26 12:39 pm, Robert G. (Doc) Savage wrote: >> I'm using fail2ban with CentOS 6.6. Something is causing fail2ban's >> alerts sent to root's mail to be rejected. Here's a clip from one of >> the >> error messages: >> >> >> Message 48: >> From

Up until this morning I have been running multiple versions of Libre and Open Office on my x86_64 CentOS desktop including the most recent. I decided, foolishly, to remove the oldest versions. Now I cannot get anything other than the LO version from base (3.4.5) to run. And, reinstalling all the older versions do not alter this condition. What I am seeing is this: # openoffice4 no suitable

How does one configure Skype/Gnome such that one can have Skype installed but not auto-start when the Gnome desktop opens? I have looked in the 'System/Preferences/Startup Applications' menu but Skype is not listed there. There are no options in the Application itself that allow this setting either. If there no other way then I will remove the application package and re-install when I

On Fri, February 10, 2017 15:44, Alice Wonder wrote: > On 02/10/2017 12:34 PM, James B. Byrne wrote: >> >> On Fri, February 10, 2017 06:26, Patrick Begou wrote: >>> Hello >>> >>> I have more and more troubles using firefox in professional >>> environment with >>> CentOS6. The latest version is 45.7.0 But I can't use it anymore to