cyberdome |
04-04-2014 05:17 AM |
I think my Fedora server got HACKED??!!! I don't know what to do next.
I am a Linux newbie; I am completely new to Linux.
I am looking at my audit.log file and I see many attempts. At the end of the line, it says 'res=success'.
That does not look good to me. It's not a good sign when you see success, is it?
Please, can someone help guide me to the next step? What should I do next?
Code:
s=failed'
type=USER_AUTH msg=audit(1396578042.454:9684): pid=6277 uid=0 auid=4294967295 ses=4294967295 msg='op=password acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578042.454:9685): pid=6277 uid=0 auid=4294967295 ses=4294967295 msg='op=maxtries exceeded acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1396578042.454:9686): pid=6277 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=6278 suid=74 rport=54072 laddr=192.168.1.15 lport=22 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578042.454:9687): pid=6277 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=6278 suid=74 rport=54072 laddr=192.168.1.15 lport=22 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578042.455:9688): pid=6277 uid=0 auid=4294967295 res=success'
type=CRYPTO_SESSION msg=audit(1396578043.710:9693): pid=6279 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 mac=hmac-sha1 spid=6280 suid=74 rport=54576 laddr=192.168.1.15 lport exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1396578043.711:9694): pid=6279 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 mac=hmac-sha1 spid=6280 suid=74 rport=54576 laddr=192.168.1.15 lport exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=USER_LOGIN msg=audit(1396578044.997:9695): pid=6279 uid=0 auid=4294967295 ses=4294967295 mssr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1396578047.733:9704): pid=6282 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=02:78:bc:a5:90:96:f8:4d:cb:b3:c9:48:75:81:a9:12 direction=? spid=6282 suid=0 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578047.733:9705): pid=6282 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=b0:17:07:3a:7b:34:40:14:e9:da:c2:9f:62:e5:d3:01 direction=? spid=6282 suid=0 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1396578048.024:9706): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 mac=hmac-sha1 spid=6282 suid=74 rport=55111 laddr=192.168.1.15 lport exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1396578048.024:9707): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 mac=hmac-sha1 spid=6282 suid=74 rport=55111 laddr=192.168.1.15 lport exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=USER_LOGIN msg=audit(1396578049.305:9708): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578051.698:9709): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="?" exe="/usr/sbin/sshd" hostname=221.194.57.246 addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578051.698:9710): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=password acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578051.698:9711): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=maxtries exceeded acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1396578051.698:9712): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=6282 suid=74 rport=55111 laddr=192.168.1.15 lport=22 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578051.698:9713): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=6282 suid=74 rport=55111 laddr=192.168.1.15 lport=22 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578051.699:9714): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=02:78:bc:a5:90:96:f8:4d:cb:b3:c9:48:75:81:a9:12 direction=? spid=6281 suid=0 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578051.699:9715): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=b0:17:07:3a:7b:34:40:14:e9:da:c2:9f:62:e5:d3:01 direction=? spid=6281 suid=0 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=USER_LOGIN msg=audit(1396578051.699:9716): pid=6281 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1396578052.576:9717): pid=6284 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=02:78:bc:a5:90:96:f8:4d:cb:b3:c9:48:75:81:a9:12 direction=? spid=6284 suid=0 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578052.576:9718): pid=6284 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=server fp=b0:17:07:3a:7b:34:40:14:e9:da:c2:9f:62:e5:d3:01 direction=? spid=6284 suid=0 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1396578052.872:9719): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-client cipher=aes128-cbc ksize=128 mac=hmac-sha1 spid=6284 suid=74 rport=55710 laddr=192.168.1.15 lport exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_SESSION msg=audit(1396578052.872:9720): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=start direction=from-server cipher=aes128-cbc ksize=128 mac=hmac-sha1 spid=6284 suid=74 rport=55710 laddr=192.168.1.15 lport exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=USER_LOGIN msg=audit(1396578054.173:9721): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=login acct=28756E6B6E6F776E207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578056.254:9722): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=PAM:authentication acct="?" exe="/usr/sbin/sshd" hostname=221.194.57.246 addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578056.254:9723): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=password acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=USER_AUTH msg=audit(1396578056.254:9724): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=maxtries exceeded acct=28696E76616C6964207573657229 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=ssh res=failed'
type=CRYPTO_KEY_USER msg=audit(1396578056.254:9725): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=6284 suid=74 rport=55710 laddr=192.168.1.15 lport=22 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? res=success'
type=CRYPTO_KEY_USER msg=audit(1396578056.254:9726): pid=6283 uid=0 auid=4294967295 ses=4294967295 msg='op=destroy kind=session fp=? direction=both spid=6284 suid=74 rport=55710 laddr=192.168.1.15 lport=22 exe="/usr/sbin/sshd" hostname=? addr=221.194.57.246 terminal=? d'
|