HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


cruz 12th May 2007 20:50

log files
 
Is this someone trying to get into my server, or is this normal? I have had some logs like this a few times.
HTML Code:

**Unmatched Entries**
 pam_succeed_if(sshd:auth): error retrieving information about user susan : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user library : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user willie : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user steve : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user agent : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user john : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user xgridcontroller : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user tony : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user rfmngr : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user appserver : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test : 7 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user george : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user webmaster : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user arthur : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user alfred : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user clamav : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user beny : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user visitor : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user search : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user frank : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user id : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user irc : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user samba : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user kathi : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user cyrusimap : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user ali : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user securityagent : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user aron : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user username : 2 time(s)
 Exiting on signal 15 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user alias : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user jabber : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user radiomail : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user amanda : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user cyrus : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user newsletter : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user steven : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user webpop : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user anita : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user andi : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user dany : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user pgsql : 2 time(s)
--More--

No one I know. There are more, but I just posted a few of them.

falko 13th May 2007 19:55

Yes, it seems someone is trying a brute-force attack.
These tutorials might be interesting for you: http://www.howtoforge.com/fail2ban_debian_etch
http://www.howtoforge.com/preventing...with_denyhosts
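
A way to summarise the logwatch entries from the first post and see the pattern described in this reply, as an added example that is not part of the original thread. The function names and the `min_distinct` threshold are assumptions; the sample lines are copied from the excerpt above.

```python
import re
from collections import Counter

# Logwatch summary line written when PAM cannot look up the login name,
# i.e. the SSH client asked for an account that does not exist on the host.
ENTRY = re.compile(
    r"pam_succeed_if\(sshd:auth\): error retrieving information about user "
    r"(?P<user>\S+) : (?P<count>\d+) time\(s\)"
)

# A few lines taken from the logwatch excerpt in the first post.
SAMPLE = """\
 pam_succeed_if(sshd:auth): error retrieving information about user susan : 2 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user library : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user tony : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user test : 7 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user webmaster : 3 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user samba : 3 time(s)
 Exiting on signal 15 : 1 time(s)
 pam_succeed_if(sshd:auth): error retrieving information about user pgsql : 2 time(s)
"""

def parse_unknown_users(text):
    """Return a Counter {username: attempts}; unrelated lines are skipped."""
    attempts = Counter()
    for line in text.splitlines():
        match = ENTRY.search(line)
        if match:
            attempts[match.group("user")] += int(match.group("count"))
    return attempts

def summarize(attempts, min_distinct=5):
    """Summarise the counts. min_distinct is an assumed threshold: many
    different nonexistent names, each tried a few times, is the shape of
    dictionary-style username guessing rather than a user's typo."""
    return {
        "distinct_users": len(attempts),
        "total_attempts": sum(attempts.values()),
        "top": attempts.most_common(3),
        "looks_like_username_guessing": len(attempts) >= min_distinct,
    }

if __name__ == "__main__":
    print(summarize(parse_unknown_users(SAMPLE)))
```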

cruz 14th May 2007 23:57

programs for blocking brute force
 
Will this work for CentOS 5? It is saying the install is for Debian. Is that the same as CentOS 5, and are the files in the same places? Sorry, I am new to Linux and do not know the diff.

falko 15th May 2007 15:35

CentOS is different from Debian, so you will have to make some changes to the tutorials (unfortunately I don't know which ones because I haven't tried them on CentOS).
One difference, for example, is that CentOS uses yum instead of apt-get to install packages, so where I use
Code:

apt-get install package
you'd use
Code:

yum install package
(the package names might also differ slightly).
The locations should more or less be the same.

