Re: /var/log/secure timestamp




On 14/12/06, Andres Baravalle <andres.baravalle@xxxxxxxxx> wrote:
Hi everyone,
I have some very strange information in my /var/log/secure:

find /var/log | xargs grep -i 62.149.129.73 2>/dev/null
/var/log/secure:Dec 13 21:32:38 baravalle xinetd[1219]: START: smtp pid=26049 from=62.149.129.73
/var/log/secure:Dec 13 21:32:38 baravalle sshd[26048]: Did not receive identification string from ::ffff:62.149.129.73
/var/log/secure:Dec 13 20:33:33 baravalle sshd[26059]: Failed none for invalid user admin1000000 from ::ffff:62.149.129.73 port 3754 ssh2
/var/log/secure:Dec 13 21:33:42 baravalle sshd[26058]: Failed password for invalid user admin1000000 from ::ffff:62.149.129.73 port 3754 ssh2
/var/log/secure:Dec 13 20:33:42 baravalle sshd[26059]: Failed password for invalid user admin1000000 from ::ffff:62.149.129.73 port 3754 ssh2

Apparently someone tried to log in with a user name (I changed the
username here). I don't like the timestamps: 21:32:38, 20:33:33,
21:33:42, 20:33:42.

Why is that?

By the way, most probably the access has been done by my provider.
They are denying it, but there is overwhelming evidence: the username
used is the one that they gave me, which is the word admin and a
string of 7 digits. The username should be known just by me, my
business partner and my provider. The username was anyway invalid in
the system, because I had disabled SSH access from all users but the
ones in a group. Nevertheless, in their records, the provider had
another user name that I didn't disable (stupid me) because they did
some maintenance work not long ago. I can't see any access from the
correct user name since the last time I had authorised them to access
the server.

We covered something similar a little while back. Don't know if it's
the same problem you're seeing but this might help shed some light...

http://lists.centos.org/pipermail/centos/2006-November/072459.html

Will.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
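
Added example, not part of the original thread: a small Python check over the sshd lines quoted above (unwrapped) that reports when the same message for the same connection was logged by two different sshd PIDs a whole number of hours apart, which separates a per-process clock offset from genuinely separate events. The function names and the year 2006 (taken from the post date) are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# sshd lines copied from the post above, unwrapped (the poster altered the username).
SAMPLE = """\
Dec 13 21:32:38 baravalle sshd[26048]: Did not receive identification string from ::ffff:62.149.129.73
Dec 13 20:33:33 baravalle sshd[26059]: Failed none for invalid user admin1000000 from ::ffff:62.149.129.73 port 3754 ssh2
Dec 13 21:33:42 baravalle sshd[26058]: Failed password for invalid user admin1000000 from ::ffff:62.149.129.73 port 3754 ssh2
Dec 13 20:33:42 baravalle sshd[26059]: Failed password for invalid user admin1000000 from ::ffff:62.149.129.73 port 3754 ssh2
"""

LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[(?P<pid>\d+)\]: "
    r"(?P<msg>.*?) from (?:::ffff:)?(?P<ip>[\d.]+)(?: port (?P<port>\d+))?"
)

def parse(text, year=2006):
    """Yield (timestamp, pid, ip, port, message) for each sshd line (year is assumed)."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, int(m["pid"]), m["ip"], m["port"], m["msg"]

def skewed_duplicates(text):
    """Find the same message for the same connection logged by different
    sshd PIDs with timestamps a whole number of hours apart."""
    groups = defaultdict(list)
    for ts, pid, ip, port, msg in parse(text):
        groups[(ip, port, msg)].append((ts, pid))
    hits = []
    for (ip, port, msg), entries in groups.items():
        for i, (ts_a, pid_a) in enumerate(entries):
            for ts_b, pid_b in entries[i + 1:]:
                delta = abs(ts_a - ts_b)
                if pid_a != pid_b and delta and delta % timedelta(hours=1) == timedelta(0):
                    hits.append((msg, pid_a, pid_b, int(delta.total_seconds() // 3600)))
    return hits

if __name__ == "__main__":
    for msg, a, b, hours in skewed_duplicates(SAMPLE):
        print(f"pids {a}/{b} logged {msg!r} {hours}h apart")
```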
