x_terminat_or_3

asked on

WANTED: Cron Interpreter

Hi all

Since I'm new to Linux altogether, I'm also not familiar with what CRON has to tell me in its reports.

Could you please analyze the report below and tell me what it means?

I removed ALL personal data and, where needed, replaced it with FICTIVE IPs, hostnames, emails, directories, ...

Here goes:

 ################### LogWatch 5.2.2 (06/23/04) ####################
       Processing Initiated: Mon Nov 22 04:02:02 2004
       Date Range Processed: yesterday
     Detail Level of Output: 0
          Logfiles for Host: myhost.mydomain.com
 ################################################################

 --------------------- Cron Begin ------------------------

**Unmatched Entries**
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)

 ---------------------- Cron End -------------------------


 --------------------- httpd Begin ------------------------


Connection attempts using mod_proxy:
   81.LOGGEDIP.01 -> 1.3.3.7:1337 : 2 Time(s)

A total of 1 sites probed the server
  81.MYFIXEDIP.00  

!!!! 139 possible successful probes
 /SQL_Admin/ HTTP Response 200
 ...ETC (139x)
 ---------------------- httpd End -------------------------


 --------------------- Init Begin ------------------------



Re-execs of init: 3 times

 ---------------------- Init End -------------------------


 --------------------- Kernel Begin ------------------------


WARNING:  Kernel Errors Present
   Buffer I/O error on device hda, l...:  28 Time(s)
   end_request: I/O error, dev hda, sector...:  36 Time(s)
   hda: command error: error=0x50...:  36 Time(s)
   hda: command error: status=0x51 { D...:  36 Time(s)
   vesafb: probe of vesafb0 failed with error -6...:  5 Time(s)

 ---------------------- Kernel End -------------------------


 --------------------- pam_unix Begin ------------------------

crond:
   Unknown Entries:
      session closed for user root: 24 Time(s)
      session opened for user root by (uid=0): 24 Time(s)

sshd:
   Authentication Failures:
      root (80.LOGGEDIP.02.HOSTNAME): 59 Time(s)
      unknown (80.LOGGEDIP.02.HOSTNAME): 41 Time(s)
      adm (80.LOGGEDIP.02.HOSTNAME): 2 Time(s)
      apache (80.LOGGEDIP.02.HOSTNAME): 1 Time(s)
      cyrus (80.LOGGEDIP.02.HOSTNAME): 1 Time(s)
      mysql (80.LOGGEDIP.02.HOSTNAME): 1 Time(s)
      nobody (80.LOGGEDIP.02.HOSTNAME): 1 Time(s)
      operator (80.LOGGEDIP.02.HOSTNAME): 1 Time(s)
   Invalid Users:
      Unknown Account: 41 Time(s)

su:
   Authentication Failures:
      fictusername(500) -> root: 2 Time(s)
      fictusername(500) -> cyrus: 1 Time(s)
   Sessions Opened:
      fictusername(uid=500) -> root: 32 Time(s)
      fictusername(uid=0) -> cyrus: 14 Time(s)
      (uid=0) -> cyrus: 7 Time(s)
      (uid=0) -> nobody: 4 Time(s)

system-config-packages:
   Unknown Entries:
      authentication failure; logname= uid=500 euid=0 tty= ruser=fictusername rhost=  user=root: 1 Time(s)

xscreensaver:
   Authentication Failures:
      fictusername(500,500) on display :0.0: 1 Time(s)
      root(500,500) on display :0.0: 1 Time(s)


 ---------------------- pam_unix End -------------------------


 --------------------- POP-3 Begin ------------------------


**Unmatched Entries**
   could not getenv(CYRUS_SERVICE); exiting: 1 Time(s)

 ---------------------- POP-3 End -------------------------

Nov 21 19:22:30 end_request: I/O error, dev hda, sector 1035392
Nov 21 19:22:30 end_request: I/O error, dev hda, sector 0
Nov 21 19:22:30 end_request: I/O error, dev hda, sector 0
Nov 21 19:22:30 end_request: I/O error, dev hda, sector 0
Nov 21 19:22:30 end_request: I/O error, dev hda, sector 1035392
Nov 21 19:22:30 end_request: I/O error, dev hda, sector 0
Nov 21 19:22:30 end_request: I/O error, dev hda, sector 0
Nov 21 22:07:52 end_request: I/O error, dev hda, sector 0
Nov 21 22:07:53 end_request: I/O error, dev hda, sector 8
Nov 21 22:07:54 end_request: I/O error, dev hda, sector 16
Nov 21 22:07:56 end_request: I/O error, dev hda, sector 24
Nov 21 22:08:00 end_request: I/O error, dev hda, sector 32
Nov 21 22:08:03 end_request: I/O error, dev hda, sector 40
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 48
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 56
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 64
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 72
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 80
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 88
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 96
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 104
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 112
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 120
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 0
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 512
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 520
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 528
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 536
Nov 21 22:08:05 end_request: I/O error, dev hda, sector 544
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 552
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 560
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 568
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 512
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 0
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 64
Nov 21 22:08:07 end_request: I/O error, dev hda, sector 0

 --------------------- Connections (secure-log) Begin ------------------------


Changed users GID:
   mailman: 41 -> 41

**Unmatched Entries**
userhelper[29247]: pam_timestamp: updated timestamp file `/somedir1/fictusername/2:root'
userhelper[29250]: running '/somedir2/rhn_register' with root privileges on behalf of 'fictusername'
userhelper[29754]: running '/somedir3/reboot' with root privileges on behalf of 'fictusername'
userhelper[4119]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' has unacceptable age (612 seconds), disallowing access to system-config-packages for UID 500
userhelper[4119]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4122]: running '/somedir2/system-config-packages' with root privileges on behalf of 'fictusername'
userhelper[4320]: pam_timestamp: updated timestamp file `/somedir1/root/unknown'
userhelper[4321]: running '/somedir2/system-config-packages' with root privileges on behalf of 'root'
userhelper[4308]: pam_timestamp: updated timestamp file `/somedir1/root/1'
userhelper[4309]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
userhelper[4583]: pam_timestamp: updated timestamp file `/somedir1/root/1'
userhelper[4584]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
userhelper[5094]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5097]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-8.13.1-2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5100]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 10 seconds old, allowing access to system-install-packages for UID 500
userhelper[5100]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5103]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-cf-8.13.1-2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5106]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 6 seconds old, allowing access to system-install-packages for UID 500
userhelper[5106]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5109]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-devel-8.13.1-2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5113]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 14 seconds old, allowing access to system-install-packages for UID 500
userhelper[5113]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5116]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-doc-8.13.1-2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5157]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 246 seconds old, allowing access to system-install-packages for UID 500
userhelper[5157]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5160]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-8.13.1-2.2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5164]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 49 seconds old, allowing access to system-install-packages for UID 500
userhelper[5164]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5167]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-8.13.1-2.2.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5173]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 57 seconds old, allowing access to system-install-packages for UID 500
userhelper[5173]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5176]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/libdbi-0.6.5-10.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5180]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 14 seconds old, allowing access to system-install-packages for UID 500
userhelper[5180]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5183]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/libdbi-dbd-mysql-0.6.5-10.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5186]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 28 seconds old, allowing access to system-install-packages for UID 500
userhelper[5186]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5189]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-cf-8.13.1-2.2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5193]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 14 seconds old, allowing access to system-install-packages for UID 500
userhelper[5193]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5196]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-8.13.1-2.2.i386(2).rpm' with root privileges on behalf of 'fictusername'
userhelper[5200]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 13 seconds old, allowing access to system-install-packages for UID 500
userhelper[5200]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5203]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-devel-8.13.1-2.2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5206]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 12 seconds old, allowing access to system-install-packages for UID 500
userhelper[5206]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5209]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/sendmail-doc-8.13.1-2.2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5214]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 46 seconds old, allowing access to system-install-packages for UID 500
userhelper[5214]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5217]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/up2date-4.3.52-3.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5220]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 15 seconds old, allowing access to system-install-packages for UID 500
userhelper[5220]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5223]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/totem-0.99.19-2.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5227]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 24 seconds old, allowing access to system-install-packages for UID 500
userhelper[5227]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5232]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/gstreamer-0.8.7-6.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5233]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 0 seconds old, allowing access to system-install-packages for UID 500
userhelper[5233]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5236]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/gstreamer-0.8.7-6.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5244]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 30 seconds old, allowing access to system-install-packages for UID 500
userhelper[5244]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5247]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/gstreamer-plugins-0.8.5-3.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5262]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 14 seconds old, allowing access to system-install-packages for UID 500
userhelper[5262]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5265]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/totem-0.99.19-2.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5345]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 225 seconds old, allowing access to system-install-packages for UID 500
userhelper[5345]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5348]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/gstreamer-plugins-0.8.5-3.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5407]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' has unacceptable age (349 seconds), disallowing access to system-install-packages for UID 500
userhelper[5407]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5410]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/xmms-1.2.10-9.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[6325]: pam_timestamp: updated timestamp file `/somedir1/root/2'
userhelper[6326]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
userhelper[6607]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' has unacceptable age (4287 seconds), disallowing access to system-logviewer for UID 500
userhelper[6607]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[6610]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[6646]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 213 seconds old, allowing access to system-config-services for UID 500
userhelper[6646]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[6649]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[6749]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 128 seconds old, allowing access to system-config-services for UID 500
userhelper[6749]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[6752]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[6927]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 54 seconds old, allowing access to system-logviewer for UID 500
userhelper[6927]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[6930]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[6953]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 118 seconds old, allowing access to system-config-services for UID 500
userhelper[6953]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[6956]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[7214]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 58 seconds old, allowing access to system-logviewer for UID 500
userhelper[7214]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[7217]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[7611]: running '/somedir3/reboot --help' with root privileges on behalf of 'fictusername'
userhelper[7628]: running '/somedir3/reboot' with root privileges on behalf of 'fictusername'
userhelper[4344]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4347]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[4384]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 21 seconds old, allowing access to system-logviewer for UID 500
userhelper[4384]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4387]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[4392]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 110 seconds old, allowing access to system-logviewer for UID 500
userhelper[4392]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4395]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[4692]: pam_timestamp: updated timestamp file `/somedir1/root/1'
userhelper[4693]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
userhelper[4794]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' has unacceptable age (1616 seconds), disallowing access to system-config-services for UID 500
userhelper[4794]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4797]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[4815]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 37 seconds old, allowing access to system-config-securitylevel for UID 500
userhelper[4815]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4818]: running '/somedir4/share/system-config-securitylevel/system-config-securitylevel.py' with root privileges on behalf of 'fictusername'
userhelper[5237]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 197 seconds old, allowing access to system-config-securitylevel for UID 500
userhelper[5237]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5240]: running '/somedir4/share/system-config-securitylevel/system-config-securitylevel.py' with root privileges on behalf of 'fictusername'
userhelper[5257]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 60 seconds old, allowing access to system-config-services for UID 500
userhelper[5257]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5260]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[5479]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 78 seconds old, allowing access to system-logviewer for UID 500
userhelper[5479]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5482]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[5504]: running '/somedir3/reboot' with root privileges on behalf of 'fictusername'
userhelper[4310]: pam_timestamp: updated timestamp file `/somedir1/fictusername/1:root'
userhelper[4313]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[5242]: pam_timestamp: updated timestamp file `/somedir1/root/1'
userhelper[5243]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
userhelper[5792]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5796]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-1.7.3-19.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5804]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 49 seconds old, allowing access to system-install-packages for UID 500
userhelper[5804]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5807]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-nspr-1.7.3-19.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5811]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 22 seconds old, allowing access to system-install-packages for UID 500
userhelper[5811]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5814]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-nss-1.7.3-19.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[5820]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 30 seconds old, allowing access to system-install-packages for UID 500
userhelper[5820]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5823]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-1.7.3-19.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5828]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 18 seconds old, allowing access to system-install-packages for UID 500
userhelper[5828]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5831]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-nss-1.7.3-19.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5834]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 27 seconds old, allowing access to system-install-packages for UID 500
userhelper[5834]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5837]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-nspr-1.7.3-19.i386(1).rpm' with root privileges on behalf of 'fictusername'
userhelper[5842]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 22 seconds old, allowing access to system-install-packages for UID 500
userhelper[5842]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[5845]: running '/somedir2/system-install-packages /home/fictusername/Desktop/Downloads/mozilla-mail-1.7.3-19.i386.rpm' with root privileges on behalf of 'fictusername'
userhelper[11495]: pam_timestamp: updated timestamp file `/somedir1/root/1'
userhelper[11496]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
userhelper[11964]: pam_timestamp: updated timestamp file `/somedir1/root/2'
userhelper[11965]: running '/somedir2/system-install-packages apt.rpm' with root privileges on behalf of 'root'
userhelper[11992]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' has unacceptable age (9700 seconds), disallowing access to system-config-securitylevel for UID 500
userhelper[11992]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[11995]: running '/somedir4/share/system-config-securitylevel/system-config-securitylevel.py' with root privileges on behalf of 'fictusername'
userhelper[12089]: pam_timestamp: updated timestamp file `/somedir1/root/3'
userhelper[12090]: running '/somedir2/system-config-services' with root privileges on behalf of 'root'
usermod[15316]: change user `dovecot' shell from `/somedir3/nologin' to `/somedir3/nologin'
usermod[15824]: change user `gdm' shell from `/somedir3/nologin' to `/somedir3/nologin'
usermod[18664]: change user `mailman' shell from `/somedir3/nologin' to `/somedir3/nologin'
userhelper[19642]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' has unacceptable age (7049 seconds), disallowing access to system-logviewer for UID 500
userhelper[19642]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[19645]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[4632]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4635]: running '/somedir4/share/system-logviewer/system-logviewer.py' with root privileges on behalf of 'fictusername'
userhelper[4665]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 153 seconds old, allowing access to up2date-config for UID 500
userhelper[4665]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4668]: running '/somedir2/up2date-config' with root privileges on behalf of 'fictusername'
userhelper[4672]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 28 seconds old, allowing access to system-config-services for UID 500
userhelper[4672]: pam_timestamp: updated timestamp file `/somedir1/fictusername/unknown:root'
userhelper[4675]: running '/somedir2/system-config-services' with root privileges on behalf of 'fictusername'
userhelper[4831]: pam_timestamp: timestamp file `/somedir1/fictusername/unknown:root' is only 285 seconds old, allowing access to hwbrowser for UID 500
userhelper[4834]: running '/somedir4/share/hwbrowser/hwbrowser' with root privileges on behalf of 'fictusername'

 ---------------------- Connections (secure-log) End -------------------------


 --------------------- sendmail Begin ------------------------



Bytes Transferred: 1096451
Messages Sent:     19
Total recipients:  19

WARNING!!!!
Possible Attack:
   Attempt from myhost.mydomain.com [81.MYFIXEDIP.00] with:
      command=HELO/EHLO, count=3 : 1 Time(s)


Client quit before communicating:
    81.LOGEDIP.03 : 1 Time(s)


Authentication warnings:
    fictusername set sender to fictusername@mydomain.com using -f: 4 Time(s)

**Unmatched Entries**
   SYSERR(root): /etc/mail/sendmail.cf: line 1002: unknown configuration line "\001S=N < @ \001=w . >\t\001: \001#local \001: \0011": 4 Time(s)
   DSN: Data format error: 3 Time(s)
   ruleset=check_rcpt, arg1=ssey1002@logeddomain.net, relay=[222.101.168.16], reject=550 5.7.1 ssey1002@logeddomain.net... Relaying denied. IP name lookup failed [222.101.168.16]: 1 Time(s)

 ---------------------- sendmail End -------------------------


 --------------------- SSHD Begin ------------------------


SSHD Killed: 5 Time(s)

SSHD Started: 4 Time(s)

Failed to bind:
   0.0.0.0 port 22 (Address already in use) : 4 Time(s)

Failed logins from these:
   adm/password from ::ffff:80.LOGEDIP.04: 2 Time(s)
   apache/password from ::ffff:80.LOGEDIP.04: 1 Time(s)
   cyrus/password from ::ffff:80.LOGEDIP.04: 1 Time(s)
   mysql/password from ::ffff:80.LOGEDIP.04: 1 Time(s)
   nobody/password from ::ffff:80.LOGEDIP.04: 1 Time(s)
   operator/password from ::ffff:80.LOGEDIP.04: 1 Time(s)
   root/password from ::ffff:80.LOGEDIP.04: 59 Time(s)

**Unmatched Entries**
Invalid user patrick from ::ffff:80.LOGEDIP.04
Failed password for invalid user patrick from ::ffff:80.LOGEDIP.04 port 38699 ssh2
Invalid user patrick from ::ffff:80.LOGEDIP.04
Failed password for invalid user patrick from ::ffff:80.LOGEDIP.04 port 38767 ssh2
Invalid user rolo from ::ffff:80.LOGEDIP.04
Failed password for invalid user rolo from ::ffff:80.LOGEDIP.04 port 39170 ssh2
Invalid user iceuser from ::ffff:80.LOGEDIP.04
Failed password for invalid user iceuser from ::ffff:80.LOGEDIP.04 port 39237 ssh2
Invalid user horde from ::ffff:80.LOGEDIP.04
Failed password for invalid user horde from ::ffff:80.LOGEDIP.04 port 39310 ssh2
Invalid user www from ::ffff:80.LOGEDIP.04
Failed password for invalid user www from ::ffff:80.LOGEDIP.04 port 39443 ssh2
Invalid user wwwrun from ::ffff:80.LOGEDIP.04
Failed password for invalid user wwwrun from ::ffff:80.LOGEDIP.04 port 39512 ssh2
Invalid user matt from ::ffff:80.LOGEDIP.04
Failed password for invalid user matt from ::ffff:80.LOGEDIP.04 port 39578 ssh2
Invalid user test from ::ffff:80.LOGEDIP.04
Failed password for invalid user test from ::ffff:80.LOGEDIP.04 port 39642 ssh2
Invalid user test from ::ffff:80.LOGEDIP.04
Failed password for invalid user test from ::ffff:80.LOGEDIP.04 port 39708 ssh2
Invalid user test from ::ffff:80.LOGEDIP.04
Failed password for invalid user test from ::ffff:80.LOGEDIP.04 port 39774 ssh2
Invalid user test from ::ffff:80.LOGEDIP.04
Failed password for invalid user test from ::ffff:80.LOGEDIP.04 port 39842 ssh2
Invalid user www-data from ::ffff:80.LOGEDIP.04
Failed password for invalid user www-data from ::ffff:80.LOGEDIP.04 port 40305 ssh2
Invalid user irc from ::ffff:80.LOGEDIP.04
Failed password for invalid user irc from ::ffff:80.LOGEDIP.04 port 41796 ssh2
Invalid user irc from ::ffff:80.LOGEDIP.04
Failed password for invalid user irc from ::ffff:80.LOGEDIP.04 port 42264 ssh2
Invalid user jane from ::ffff:80.LOGEDIP.04
Failed password for invalid user jane from ::ffff:80.LOGEDIP.04 port 44154 ssh2
Invalid user pamela from ::ffff:80.LOGEDIP.04
Failed password for invalid user pamela from ::ffff:80.LOGEDIP.04 port 44198 ssh2
Invalid user cosmin from ::ffff:80.LOGEDIP.04
Failed password for invalid user cosmin from ::ffff:80.LOGEDIP.04 port 46024 ssh2
Invalid user cip52 from ::ffff:80.LOGEDIP.04
Failed password for invalid user cip52 from ::ffff:80.LOGEDIP.04 port 55869 ssh2
Invalid user cip51 from ::ffff:80.LOGEDIP.04
Failed password for invalid user cip51 from ::ffff:80.LOGEDIP.04 port 56281 ssh2
Invalid user noc from ::ffff:80.LOGEDIP.04
Failed password for invalid user noc from ::ffff:80.LOGEDIP.04 port 56702 ssh2
Invalid user webmaster from ::ffff:80.LOGEDIP.04
Failed password for invalid user webmaster from ::ffff:80.LOGEDIP.04 port 57946 ssh2
Invalid user data from ::ffff:80.LOGEDIP.04
Failed password for invalid user data from ::ffff:80.LOGEDIP.04 port 58354 ssh2
Invalid user user from ::ffff:80.LOGEDIP.04
Failed password for invalid user user from ::ffff:80.LOGEDIP.04 port 58361 ssh2
Invalid user user from ::ffff:80.LOGEDIP.04
Failed password for invalid user user from ::ffff:80.LOGEDIP.04 port 58368 ssh2
Invalid user user from ::ffff:80.LOGEDIP.04
Failed password for invalid user user from ::ffff:80.LOGEDIP.04 port 58775 ssh2
Invalid user web from ::ffff:80.LOGEDIP.04
Failed password for invalid user web from ::ffff:80.LOGEDIP.04 port 59181 ssh2
Invalid user web from ::ffff:80.LOGEDIP.04
Failed password for invalid user web from ::ffff:80.LOGEDIP.04 port 59188 ssh2
Invalid user oracle from ::ffff:80.LOGEDIP.04
Failed password for invalid user oracle from ::ffff:80.LOGEDIP.04 port 59594 ssh2
Invalid user sybase from ::ffff:80.LOGEDIP.04
Failed password for invalid user sybase from ::ffff:80.LOGEDIP.04 port 59601 ssh2
Invalid user master from ::ffff:80.LOGEDIP.04
Failed password for invalid user master from ::ffff:80.LOGEDIP.04 port 60007 ssh2
Invalid user account from ::ffff:80.LOGEDIP.04
Failed password for invalid user account from ::ffff:80.LOGEDIP.04 port 60413 ssh2
Invalid user backup from ::ffff:80.LOGEDIP.04
Failed password for invalid user backup from ::ffff:80.LOGEDIP.04 port 60418 ssh2
Invalid user server from ::ffff:80.LOGEDIP.04
Failed password for invalid user server from ::ffff:80.LOGEDIP.04 port 60822 ssh2
Invalid user adam from ::ffff:80.LOGEDIP.04
Failed password for invalid user adam from ::ffff:80.LOGEDIP.04 port 60827 ssh2
Invalid user alan from ::ffff:80.LOGEDIP.04
Failed password for invalid user alan from ::ffff:80.LOGEDIP.04 port 33001 ssh2
Invalid user frank from ::ffff:80.LOGEDIP.04
Failed password for invalid user frank from ::ffff:80.LOGEDIP.04 port 33405 ssh2
Invalid user george from ::ffff:80.LOGEDIP.04
Failed password for invalid user george from ::ffff:80.LOGEDIP.04 port 33409 ssh2
Invalid user henry from ::ffff:80.LOGEDIP.04
Failed password for invalid user henry from ::ffff:80.LOGEDIP.04 port 33813 ssh2
Invalid user john from ::ffff:80.LOGEDIP.04
Failed password for invalid user john from ::ffff:80.LOGEDIP.04 port 33818 ssh2
Invalid user test from ::ffff:80.LOGEDIP.04
Failed password for invalid user test from ::ffff:80.LOGEDIP.04 port 35845 ssh2
Bad protocol version identification 'qsdf' from ::ffff:81.MYFIXEDIP.00

 ---------------------- SSHD End -------------------------



------------------ Disk Space --------------------

/dev/mapper/VolGroup00-LogVol00
/dev/hdb1              99M   11M   83M  12% /boot
/dev/hdb2             3.0G   97M  2.9G   4% /shared


 ###################### LogWatch End #########################




With kind regards



Ramses (x_terminat_or_3)
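One way to read the SSHD section of a report like the one above, as an added example (not part of the original post and not LogWatch's own code): group the failures by source address, separate names that exist on the host from invalid ones, and flag any source that guessed many names and then logged in. The sample lines, addresses, the `alice` account and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the SSHD section above. Addresses are
# documentation-range placeholders and "alice" is a made-up local account.
SAMPLE = """\
Invalid user test from ::ffff:203.0.113.4
Failed password for invalid user test from ::ffff:203.0.113.4 port 39642 ssh2
Failed password for invalid user oracle from ::ffff:203.0.113.4 port 59594 ssh2
Failed password for invalid user test from ::ffff:203.0.113.4 port 39708 ssh2
Failed password for root from ::ffff:203.0.113.4 port 40001 ssh2
Failed password for alice from ::ffff:198.51.100.7 port 51000 ssh2
Accepted password for alice from ::ffff:198.51.100.7 port 51002 ssh2
"""

# sshd writes "invalid user" only when the account does not exist locally.
FAILED = re.compile(r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
                    r"from (?:::ffff:)?(?P<src>\S+) port \d+ ssh2")
ACCEPTED = re.compile(r"Accepted \S+ for (?P<user>\S+) "
                      r"from (?:::ffff:)?(?P<src>\S+) port \d+")

def summarize(log_text):
    """Group sshd authentication results by source address."""
    stats = defaultdict(lambda: {"failed": 0, "users": set(),
                                 "existing": set(), "accepted": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            entry = stats[m["src"]]
            entry["failed"] += 1
            entry["users"].add(m["user"])
            if not m["invalid"]:           # a real account was targeted
                entry["existing"].add(m["user"])
            continue
        m = ACCEPTED.search(line)
        if m:
            stats[m["src"]]["accepted"].add(m["user"])
    return dict(stats)

def classify(entry, min_failures=3, min_users=3):
    """Thresholds are assumptions; tune them to the host's normal traffic."""
    if entry["failed"] >= min_failures and len(entry["users"]) >= min_users:
        # Many names tried from one source: dictionary guessing. A later
        # accepted login from the same source is the case to investigate.
        return "guessing-then-login" if entry["accepted"] else "password-guessing"
    return "normal"

if __name__ == "__main__":
    for src, entry in summarize(SAMPLE).items():
        print(src, classify(entry), entry["failed"], sorted(entry["users"]))
```

A source that only ever hits invalid names is noise from a dictionary run; entries in `existing` or `accepted` are the ones that deserve a closer look.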
SOLUTION
wesly_chen

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
x_terminat_or_3

ASKER

Ok, I understand about hda

>vesafb: probe of vesafb0 failed <<-- is this hd also?


What about the other entries? (httpd, pop, pam_unix, ...)



My todo list:

1. su root, shutdown -rF


UPDATE

extract of fstab

/dev/hda                /media/cdrecorder

--> /dev/hda is my dvd drive ....   no need to check filesystem then

My todo list

<empty>
SOLUTION
This solution is only available to members.
Wes, the /dev/hda is my dvd drive...  (just found out)
SOLUTION
This solution is only available to members.
I see in the log, that there are connection attempts with xx.LOGEDIP.01, 02,03,04  and they are not users I authorized, and this on all kinds of service ports.  Is it necessary for a web server with httpd, mysql, pop, smtp to have these ports open, and if not, how do I close ALL ports, except http, https, pop, pops, smtp, and mysql ?


This still  leaves

vesaprobe thing


Failed to bind:
   0.0.0.0 port 22 (Address already in use) : 4 Time(s)

 --------------------- Cron Begin ------------------------

**Unmatched Entries**
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)
STARTUP (V5.0)

 ---------------------- Cron End -------------------------


And

Connection attempts using mod_proxy:
   81.LOGGEDIP.01 -> 1.3.3.7:1337 : 2 Time(s)

A total of 1 sites probed the server
  81.MYFIXEDIP.00  

!!!! 139 possible successful probes
 /SQL_Admin/ HTTP Response 200
 ...ETC (139x)

SOLUTION
This solution is only available to members.
Yeah but does that mean that someone is trying to hack into my system?
SOLUTION
This solution is only available to members.
but the ssh is for what?
SOLUTION
This solution is only available to members.
about the firewall, I'm getting a router with integrated firewall shortly....  but till then, in the iptables, there are some options:


┌─────────────────┤ Firewall Configuration - Customize ├─────────────────┐
│                                                                        │
│ You can customize your firewall in two ways. First, you can select     │
│ to allow all traffic from certain network interfaces. Second, you      │
│ can allow certain protocols explicitly through the firewall. Specify   │
│ additional ports in the form 'service:protocol', such as 'imap:tcp'.   │
│                                                                        │
│ Trusted Devices: [ ] broadcom                                          │
│                                                                        │
│ Allow incoming:  [ ] SSH        [*] Telnet                             │
│                  [*] WWW (HTTP) [*] Mail (SMTP) [*] FTP                │
│                  Other ports https:tcp pop3:tcp_______                 │
│                                                                        │


Should I check eth0 (broadcom) as trusted device or should I only check the ports?  About mysql, it's using sockets rather than ports so no prob there
ASKER CERTIFIED SOLUTION
This solution is only available to members.
OK, I did that, and then tried a probe (www.grc.com)  and only the ports I specified are open!  --> FIXED

--------------------- POP-3 Begin ------------------------
**Unmatched Entries**
   could not getenv(CYRUS_SERVICE); exiting: 1 Time(s)

^^^^^^^^^^^^^ what does that mean?


!!!! 139 possible successful probes
 /SQL_Admin/ HTTP Response 200
 ...ETC (139x)

This is a program that is run locally on my server.  But how come it mentions this in the log?  (possible successful probes)  HTTP 200 = OK ?
SOLUTION
This solution is only available to members.
could not getenv(CYRUS_SERVICE); exiting: 1 Time(s)

I found out what was wrong:

http://docsrv.sco.com:8457/en/doc/packages/scomsg/en/cyrus-imapd/install-configure.html#master

Look at the line just above:

12. Remove "/etc/[x]inetd.conf" entries. Any imap, imaps, pop3, pop3s, kpop, lmtp and sieve lines need to be removed from /etc/[x]inetd.conf and [x]inetd needs to be restarted

Also, I had put an entry destined for inetd.conf into xinetd.conf


PROBS FIXED:
1. Security   ---------------    OK
2. Cyrus      ----------------    OK
3. Kernel:  NOT FIXED:
WARNING:  Kernel Errors Present
   vesafb: probe of vesafb0 failed with error -6...:  5 Time(s)


SOLUTION
This solution is only available to members.
____________________________
No, this occurred on a clean install
======================

what is the vesafb probe in fact?
SOLUTION
This solution is only available to members.
So what should I do with it... Ignore?
SOLUTION
This solution is only available to members.
Well my X is working fine.  .. .. ..

Well Wesley

I wish to thank you (again) for your efforts in bringing light on dark places in Linux...


I know I will call upon your services again before long... hopefully you will be able to respond.



Until then



With kindest regards



Ramses
You're welcome.
I'm also learning while I try to help.

Regards,

Wesly