Today I was going through the server logs, and a few things make me wonder where they came from and why:
/var/log/auth.log
Quote
Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 09:59:01 n4y CRON[5198]: pam_unix(cron:session): session closed for user root
Feb 24 10:00:01 n4y CRON[5246]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:00:01 n4y CRON[5246]: pam_unix(cron:session): session closed for user root
Feb 24 10:01:01 n4y CRON[5276]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:01:01 n4y CRON[5276]: pam_unix(cron:session): session closed for user root
Feb 24 10:02:01 n4y CRON[5303]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:02:01 n4y CRON[5303]: pam_unix(cron:session): session closed for user root
Feb 24 10:03:01 n4y CRON[5346]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:03:01 n4y CRON[5346]: pam_unix(cron:session): session closed for user root
Feb 24 10:04:01 n4y CRON[5374]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 24 10:04:01 n4y CRON[5374]: pam_unix(cron:session): session closed for user root
Quote
Feb 24 09:58:13 n4y proftpd[5170]: xx.xx.xx.xx (91.121.91.142[91.121.91.142]) - USER admin (Login failed): Incorrect password.
/var/log/httpd/error_log
Quote
[Fri Feb 24 10:13:31 2012] [error] [client xx.xx.xx.xx] File does not exist: /var/www/html/robots.txt
[Fri Feb 24 10:13:31 2012] [warn] [client xx.xx.xx.xx] mod_include: Options +Includes (or IncludesNoExec) wasn't set, INCLUDES filter removed
[Fri Feb 24 10:14:37 2012] [error] [client xx.xx.xx.xx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:)
/var/log/exim/rejectlog
Quote
012-02-24 09:44:01 H=(bbc.com) [27.47.143.236] F=<wsinmaaji@xxx.com> rejected RCPT <hrd@mojadomena.pl>:
/var/log/message
Quote
Feb 24 10:08:30 n4y freshclam[4610]: Received signal: wake up
Feb 24 10:08:30 n4y freshclam[4610]: ClamAV update process started at Fri Feb 24 10:08:30 2012
Feb 24 10:08:30 n4y freshclam[4610]: main.cvd is up to date (version: 54, sigs: 1044387, f-level: 60, builder: sven)
Feb 24 10:08:30 n4y freshclam[4610]: daily.cld is up to date (version: 14517, sigs: 108276, f-level: 63, builder: guitar)
Feb 24 10:08:30 n4y freshclam[4610]: bytecode.cvd is up to date (version: 167, sigs: 40, f-level: 63, builder: edwin)
/var/log/syslog
Quote
Feb 24 10:24:01 n4y /USR/SBIN/CRON[6072]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:25:01 n4y /USR/SBIN/CRON[6101]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:26:01 n4y /USR/SBIN/CRON[6155]: (root) CMD (/usr/local/directadmin/dataskq)
Feb 24 10:27:01 n4y /USR/SBIN/CRON[6184]: (root) CMD (/usr/local/directadmin/dataskq)
/var/log/mail.warm
Quote
Feb 21 10:48:48 s dovecot: master: Warning: Killed with signal 15 (by pid=29197 uid=0 code=kill)
Feb 22 11:57:58 s dovecot: master: Warning: Killed with signal 15 (by pid=8998 uid=0 code=kill)
Feb 24 09:56:50 n4y dovecot: master: Warning: Killed with signal 15 (by pid=5051 uid=0 code=kill)
/var/log/directadmin/error.log
Quote
2012:02:24-10:23:10: Can't connect to ssl!
2012:02:24-10:23:10: ->syscall
2012:02:24-10:25:16: Can't connect to ssl!
2012:02:24-10:25:16: ->syscall
2012:02:24-10:29:23: Can't connect to ssl!
2012:02:24-10:29:23: ->syscall
/var/log/directadmin/errortaskq.log
Quote
2012:02:20-03:32:22: Unable to read /etc/virtual/swiat-kobiet.info_off/passwd
2012:02:20-03:32:23: Unable to read /etc/virtual/swiat-sportu.info_off/passwd
2012:02:20-03:32:23: Backup: sport : Unable to get data from file: /etc/bind/swiat-kobiet.info.db
2012:02:20-03:32:23: Backup: sport : Unable to get data from file: /etc/bind/swiat-sportu.info.db
2012:02:21-00:10:35: Unable to read user shop's data files
2012:02:21-00:10:37: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
2012:02:22-00:10:21: Unable to read user shop's data files
2012:02:22-00:10:22: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
2012:02:22-09:19:05: sshd didn't reload properly, re-starting
2012:02:22-09:33:01: Cannot find /usr/local/directadmin/data/users/stas/httpd.conf so it will not be added to /etc/httpd/conf/extra/directadmin-vhosts.conf.
2012:02:22-11:58:01: service directadmin wasn't running, starting it
2012:02:23-00:10:55: Unable to read user shop's data files
2012:02:23-00:10:56: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
2012:02:24-00:10:22: Unable to read user shop's data files
2012:02:24-00:10:24: Tally::usageUser(): Unable to read user shop's usage file ./data/users/shop/user.conf
Accounts: sport, stas, shop
These are not on the server... the accounts have been deleted...
Oh, and one more thing: on reboot the server goes down and the Hetzner technicians have to start it themselves. They told me to add "acpi=ht"; is that added in /boot/grub/menu.lst on the line kernel /vmlinuz-XXXXX root=/dev/md2 ro??







