Posts written by .net


  1. Hello everyone,

    these are my first steps with a VPS server and I am having problems: some strange entries have appeared in my logs.

    Today around 5 a.m. I read some strange logs; could someone help me analyse them?

    Sep 3 00:37:23 nedbudge su[32291]: (pam_unix) session opened for user nobody by (uid=0)

    Sep 3 00:39:02 nedbudge CRON[11879]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 00:39:20 nedbudge CRON[11879]: (pam_unix) session closed for user root

    Sep 3 00:39:20 nedbudge /USR/SBIN/CRON[11880]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 00:40:50 nedbudge su[32291]: (pam_unix) session closed for user nobody

    Sep 3 00:40:58 nedbudge CRON[27966]: (pam_unix) session closed for user root

    Sep 3 00:40:58 nedbudge syslogd 1.4.1#18: restart.

    Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.crt

    Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: TLS library problem: 16341:error:02001002:system library:fopen:No such file or directory:bss_file.c:352:fopen('/etc/postfix/ssl/smtpd.crt','r'):

    Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: TLS library problem: 16341:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:

    Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: TLS library problem: 16341:error:140DC002:SSL routines:SSL_CTX_use_certificate_chain_file:system lib:ssl_rsa.c:720:

    Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: cannot load RSA certificate and key data

    Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: connect from 118-169-194-143.dynamic.hinet.net[118.169.194.143]

    Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: NOQUEUE: reject: RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]: 554 5.7.1 <candy59839@yahoo.com.tw>: Relay access denied; from=<michael78694@MyMainServer.com> to=<candy59839@yahoo.com.tw> proto=SMTP helo=<www.MyMainServer.com>

    Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: lost connection after RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]

    Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: disconnect from 118-169-194-143.dynamic.hinet.net[118.169.194.143]

    Sep 3 00:50:07 nedbudge postfix/anvil[16344]: statistics: max connection rate 1/60s for (smtp:118.169.194.143) at Sep 3 00:46:46

    Sep 3 00:50:07 nedbudge postfix/anvil[16344]: statistics: max connection count 1 for (smtp:118.169.194.143) at Sep 3 00:46:46

    Sep 3 00:50:07 nedbudge postfix/anvil[16344]: statistics: max cache size 1 at Sep 3 00:46:46

    Sep 3 01:06:01 nedbudge CRON[28065]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 01:06:01 nedbudge CRON[28065]: (pam_unix) session closed for user root

    Sep 3 01:06:01 nedbudge /USR/SBIN/CRON[28106]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 01:09:01 nedbudge CRON[9618]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 01:09:43 nedbudge CRON[9618]: (pam_unix) session closed for user root

    Sep 3 01:09:43 nedbudge /USR/SBIN/CRON[9622]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 01:37:43 nedbudge -- MARK --

    Sep 3 01:39:01 nedbudge CRON[1937]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 01:39:02 nedbudge CRON[1937]: (pam_unix) session closed for user root

    Sep 3 01:39:02 nedbudge /USR/SBIN/CRON[1938]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 01:57:43 nedbudge -- MARK --

    Sep 3 02:06:01 nedbudge CRON[9584]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 02:06:01 nedbudge CRON[9584]: (pam_unix) session closed for user root

    Sep 3 02:06:01 nedbudge /USR/SBIN/CRON[9586]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 02:09:01 nedbudge CRON[20159]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 02:09:01 nedbudge CRON[20159]: (pam_unix) session closed for user root

    Sep 3 02:09:01 nedbudge /USR/SBIN/CRON[20162]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 02:37:43 nedbudge -- MARK --

    Sep 3 02:39:01 nedbudge CRON[30377]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 02:39:03 nedbudge CRON[30377]: (pam_unix) session closed for user root

    Sep 3 02:39:03 nedbudge /USR/SBIN/CRON[30379]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 02:57:44 nedbudge -- MARK --

    Sep 3 03:06:01 nedbudge CRON[5561]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 03:06:01 nedbudge CRON[5561]: (pam_unix) session closed for user root

    Sep 3 03:06:01 nedbudge /USR/SBIN/CRON[5564]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 03:09:02 nedbudge CRON[19521]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 03:09:03 nedbudge CRON[19521]: (pam_unix) session closed for user root

    Sep 3 03:09:03 nedbudge /USR/SBIN/CRON[19522]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 03:37:44 nedbudge -- MARK --

    Sep 3 03:39:01 nedbudge CRON[5552]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 03:39:02 nedbudge /USR/SBIN/CRON[7541]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 03:39:03 nedbudge CRON[5552]: (pam_unix) session closed for user root

    Sep 3 03:57:44 nedbudge -- MARK --

    Sep 3 04:06:03 nedbudge CRON[13669]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 04:06:05 nedbudge CRON[13669]: (pam_unix) session closed for user root

    Sep 3 04:06:05 nedbudge /USR/SBIN/CRON[16106]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 04:09:02 nedbudge CRON[26210]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 04:09:10 nedbudge /USR/SBIN/CRON[26493]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 04:09:11 nedbudge CRON[26210]: (pam_unix) session closed for user root

    Sep 3 04:37:50 nedbudge -- MARK --

    Sep 3 04:39:12 nedbudge CRON[13901]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 04:39:24 nedbudge CRON[13901]: (pam_unix) session closed for user root

    Sep 3 04:39:24 nedbudge /USR/SBIN/CRON[17519]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 04:57:54 nedbudge -- MARK --

    Sep 3 05:02:06 nedbudge CRON[17843]: (pam_unix) session opened for user logcheck by (uid=0)

    Sep 3 05:02:14 nedbudge /USR/SBIN/CRON[19646]: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi)

    From what I can tell, someone tried to break into postfix/smtpd, or maybe even did break in, and there is some strange restart of logcheck that was not there before.

    Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: cannot load RSA certificate and key data

    Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: warning: 219.91.116.99: hostname NK219-91-116-99.adsl.dynamic.apol.com.tw verification failed: Name or service not known

    Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: connect from unknown[219.91.116.99]

    Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: warning: 219.91.116.99: hostname NK219-91-116-99.adsl.dynamic.apol.com.tw verification failed: Name or service not known

    Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: connect from unknown[219.91.116.99]

    Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: lost connection after CONNECT from unknown[219.91.116.99]

    Sep 3 06:48:26 nedbudge postfix/smtpd[5132]: disconnect from unknown[219.91.116.99]

    Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: lost connection after CONNECT from unknown[219.91.116.99]

    Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: disconnect from unknown[219.91.116.99]

    Sep 3 06:51:46 nedbudge postfix/anvil[5134]: statistics: max connection rate 2/60s for (smtp:219.91.116.99) at Sep 3 06:48:26

    Sep 3 06:51:46 nedbudge postfix/anvil[5134]: statistics: max connection count 1 for (smtp:219.91.116.99) at Sep 3 06:48:26

    Sep 3 06:51:46 nedbudge postfix/anvil[5134]: statistics: max cache size 1 at Sep 3 06:48:26

    Sep 3 07:06:01 nedbudge CRON[31943]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 07:06:01 nedbudge CRON[31943]: (pam_unix) session closed for user root

    Sep 3 07:06:01 nedbudge /USR/SBIN/CRON[31944]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 07:09:01 nedbudge CRON[11523]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 07:09:01 nedbudge CRON[11523]: (pam_unix) session closed for user root

    Sep 3 07:09:01 nedbudge /USR/SBIN/CRON[11524]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 07:37:55 nedbudge -- MARK --

    Sep 3 07:39:01 nedbudge CRON[28291]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 07:39:01 nedbudge CRON[28291]: (pam_unix) session closed for user root

    Sep 3 07:39:01 nedbudge /USR/SBIN/CRON[28293]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 07:57:55 nedbudge -- MARK --

    Sep 3 08:06:01 nedbudge CRON[29947]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 08:06:01 nedbudge CRON[29947]: (pam_unix) session closed for user root

    Sep 3 08:06:01 nedbudge /USR/SBIN/CRON[29954]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 08:09:01 nedbudge CRON[9631]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 08:09:01 nedbudge CRON[9631]: (pam_unix) session closed for user root

    Sep 3 08:09:01 nedbudge /USR/SBIN/CRON[9633]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 08:37:55 nedbudge -- MARK --

    Sep 3 08:39:01 nedbudge CRON[29997]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 08:39:02 nedbudge CRON[29997]: (pam_unix) session closed for user root

    Sep 3 08:39:02 nedbudge /USR/SBIN/CRON[29998]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 08:57:55 nedbudge -- MARK --

    Sep 3 09:06:01 nedbudge CRON[3975]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 09:06:01 nedbudge CRON[3975]: (pam_unix) session closed for user root

    Sep 3 09:06:01 nedbudge /USR/SBIN/CRON[3977]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)

    Sep 3 09:09:01 nedbudge CRON[16137]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 09:09:11 nedbudge CRON[16137]: (pam_unix) session closed for user root

    Sep 3 09:09:11 nedbudge /USR/SBIN/CRON[16287]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 09:37:55 nedbudge -- MARK --

    Sep 3 09:39:01 nedbudge CRON[11497]: (pam_unix) session opened for user root by (uid=0)

    Sep 3 09:39:03 nedbudge CRON[11497]: (pam_unix) session closed for user root

    Sep 3 09:39:03 nedbudge /USR/SBIN/CRON[11501]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)

    Sep 3 09:57:55 nedbudge -- MARK --

    Sep 3 10:02:01 nedbudge CRON[7472]: (pam_unix) session opened for user logcheck by (uid=0)

    Sep 3 10:02:02 nedbudge /USR/SBIN/CRON[7474]: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi)

    Another log that looks suspicious to me...

    Could someone explain this to me, or will it again be the case that 'noobs' get no help, only those who already have some knowledge?

    Apologies in advance for any spelling mistakes.

    Regards, Konrad
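
A triage pass over the log lines in the post above, as an added example that is not part of the original post: it separates cron, MARK and anvil bookkeeping from SMTP client activity and reports, per remote IP, whether a mail transaction was rejected or accepted. The names `triage` and `verdict` are hypothetical, and the `ACCEPTED` pattern assumes standard Postfix logging of a queue ID followed by `client=`.

```python
import re
from collections import Counter, defaultdict

# Lines copied from the log quoted in the post above.
SAMPLE = """
Sep 3 00:37:23 nedbudge su[32291]: (pam_unix) session opened for user nobody by (uid=0)
Sep 3 00:39:02 nedbudge CRON[11879]: (pam_unix) session opened for user root by (uid=0)
Sep 3 00:39:20 nedbudge /USR/SBIN/CRON[11880]: (root) CMD ( [ -d /var/lib/php5 ] && find /var/lib/php5/ -type f -cmin +$(/usr/lib/php5/maxlifetime) -print0 | xargs -r -0 rm)
Sep 3 00:40:58 nedbudge syslogd 1.4.1#18: restart.
Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: warning: cannot get certificate from file /etc/postfix/ssl/smtpd.crt
Sep 3 00:46:46 nedbudge postfix/smtpd[16341]: connect from 118-169-194-143.dynamic.hinet.net[118.169.194.143]
Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: NOQUEUE: reject: RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]: 554 5.7.1 <candy59839@yahoo.com.tw>: Relay access denied; from=<michael78694@MyMainServer.com> to=<candy59839@yahoo.com.tw> proto=SMTP helo=<www.MyMainServer.com>
Sep 3 00:46:47 nedbudge postfix/smtpd[16341]: lost connection after RCPT from 118-169-194-143.dynamic.hinet.net[118.169.194.143]
Sep 3 01:37:43 nedbudge -- MARK --
Sep 3 05:02:14 nedbudge /USR/SBIN/CRON[19646]: (logcheck) CMD ( if [ -x /usr/sbin/logcheck ]; then nice -n10 /usr/sbin/logcheck; fi)
Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: connect from unknown[219.91.116.99]
Sep 3 06:48:26 nedbudge postfix/smtpd[4070]: lost connection after CONNECT from unknown[219.91.116.99]
""".strip().splitlines()

# "Mon D HH:MM:SS host rest-of-message"
LINE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\s(.*)$")
# Periodic bookkeeping: cron sessions and jobs, syslogd MARK, anvil statistics.
ROUTINE = re.compile(r"^(-- MARK --$|(/USR/SBIN/)?CRON\[\d+\]: |postfix/anvil\[)")
SMTPD = re.compile(r"^postfix/smtpd\[\d+\]: (.*)$")
PEER = r"\S+\[([\d.]+)\]"  # host[ip]
REJECT = re.compile(r"^NOQUEUE: reject: (\w+) from " + PEER
                    + r": (\d{3}) [\d.]+ (?:<[^>]*>: )?([^;]+);")
LOST = re.compile(r"^lost connection after (\w+) from " + PEER)
CONNECT = re.compile(r"^connect from " + PEER)
# Assumption: an accepted message is logged as "<queue-id>: client=host[ip]".
ACCEPTED = re.compile(r"^[0-9A-Za-z]+: client=" + PEER)


def new_client():
    return {"connects": 0, "accepted": 0, "rejects": [], "lost_after": Counter()}


def triage(lines):
    """Bucket syslog lines; SMTP activity is grouped by remote IP."""
    report = {"routine": 0, "smtp_warnings": 0, "review": [],
              "clients": defaultdict(new_client)}
    for line in lines:
        m = LINE.match(line)
        msg = m.group(1) if m else line
        if ROUTINE.match(msg):
            report["routine"] += 1
            continue
        s = SMTPD.match(msg)
        if not s:
            # Not periodic and not smtpd (su sessions, daemon restarts, ...):
            # keep the text so a human reads it.
            report["review"].append(msg)
            continue
        body = s.group(1)
        if (r := REJECT.match(body)):
            stage, ip, code, reason = r.groups()
            report["clients"][ip]["rejects"].append((stage, code, reason))
        elif (r := LOST.match(body)):
            report["clients"][r.group(2)]["lost_after"][r.group(1)] += 1
        elif (r := CONNECT.match(body)):
            report["clients"][r.group(1)]["connects"] += 1
        elif (r := ACCEPTED.match(body)):
            report["clients"][r.group(1)]["accepted"] += 1
        elif body.startswith(("warning:", "cannot load")):
            report["smtp_warnings"] += 1
    return report


def verdict(client):
    """One-line outcome for a remote SMTP client."""
    if client["accepted"]:
        return "mail accepted: inspect the queue"
    if client["rejects"]:
        return "attempt rejected"
    return "connected, no mail transaction"


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("routine:", result["routine"], "smtp warnings:", result["smtp_warnings"])
    for ip, c in result["clients"].items():
        print(ip, verdict(c), c["rejects"], dict(c["lost_after"]))
    for msg in result["review"]:
        print("review:", msg)
```
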


  3. Hello everyone,

    as I am a beginner VPS administrator, I am learning as best I can.

    I have a few questions for you about logcheck.

    Will the logs be e-mailed only when there are problems, or always every hour?

    Is there a way to check that everything is configured? (I mean whether the logs will actually arrive)

    Is the following edit of the file correct?

    # The following variable settings are the initial default values,

    # which can be uncommented and modified to alter logcheck's behaviour

     

    # Controls the format of date-/time-stamps in subject lines:

    # Alternatively, set the format to suit your locale

     

    #DATE="$(date +'%Y-%m-%d %H:%M')"

     

    #

    # Controls the presence of boilerplate at the top of each message:

    # Alternatively, set to "0" to disable the introduction.

    #

    # If the files /etc/logcheck/header.txt and /etc/logcheck/footer.txt

    # are present their contents will be read and used as the header and

    # footer of any generated mails.

    #

    #INTRO=1

     

    # Controls the level of filtering:

    # Can be Set to "workstation", "server" or "paranoid" for different

    # levels of filtering. Defaults to server if not set.

     

    REPORTLEVEL="server"

     

    # Controls the address mail goes to:

    # *NOTE* the script does not set a default value for this variable!

    # Should be set to an offsite "emailaddress@some.domain.tld"

     

    SENDMAILTO="xxxx@xxx"

     

    # Should the hostname in the subject of generated mails be fully qualified?

    FQDN=1

     

    # Controls whether "sort -u" is used on log entries (which will

    # eliminate duplicates but destroy the original ordering); the

    # default is to use "sort -k 1,3 -s":

    # Alternatively, set to "1" to enable unique sorting

     

    #SORTUNIQ=0

     

    # Controls whether /etc/logcheck/cracking.ignore.d is scanned for

    # exceptions to the rules in /etc/logcheck/cracking.d:

    # Alternatively, set to "1" to enable cracking.ignore support

     

    #SUPPORT_CRACKING_IGNORE=0

     

    # Controls the base directory for rules file location

    # This must be an absolute path

     

    #RULEDIR="/etc/logcheck"

     

    # Controls if syslog-summary is run over each section.

    # Alternatively, set to "1" to enable extra summary.

     

    #SYSLOGSUMMARY=0

     

    # Controls Subject: lines on logcheck reports:

     

    #ATTACKSUBJECT="Security Alerts"

    #SECURITYSUBJECT="Security Events"

    #EVENTSSUBJECT="System Events"

     

    # Controls [logcheck] prefix on Subject: lines

     

    # ADDTAG="no"

     

    Regards,

    Konrad


  4. Add an A / CNAME record in the panel.

    Heh.

    Thank you for pointing me in the right direction, but I keep searching and digging and I don't know, maybe I'm already asleep.

    In the panel, do you mean freedns?

    And how should I fill in the fields

    Alias and name (cname)

    or A - Name, IP

    I tried adding an entry under A

    name: www.e-gfx.pl.

    I copied the IP and it returns the error Błąd: zły rekord A www.e-gfx.pl.


  5. Hello everyone,

    I have a problem.

    Well, one learns from one's mistakes, but I cannot figure this one out.

    When I enter my site's address without www*, the page displays correctly, but when I enter it with www*, I get an error that the server was not found.

    What can I do in this case? Please help me solve the problem.

     

    //C:\Documents and Settings\ned>ping www.e-gfx.pl

    Żądanie polecenia ping nie może znaleźć hosta www.e-gfx.pl. Sprawdź nazwę i ponów próbę.
