LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page security problem
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-21-2008, 11:48 AM   #1
ayush1440
Member
 
Registered: Dec 2007
Posts: 75

Rep: Reputation: 15
security problem

hello frends..

I m using Fedora core 6 and currelty dns, apache, Samba-window server, mail server are running on this server.
Yesterday i use bittorrent downloader. Now today may be somebody try to login in my pc. Here is log file

--------------------- pam_unix Begin ------------------------

runuser:
Unknown Entries:
session closed for user beaglidx: 4 Time(s)
session opened for user beaglidx by (uid=0): 4 Time(s)

runuser-l:
Unknown Entries:
session closed for user postgres: 1 Time(s)
session opened for user postgres by (uid=0): 1 Time(s)

sshd:
Authentication Failures:
unknown (122x212x230x101.ap122.ftth.ucom.ne.jp): 93 Time(s)
unknown (75.146.23.92): 93 Time(s)
unknown (128.134.101.39): 66 Time(s)
root (75.146.23.92): 39 Time(s)
root (128.134.101.39): 15 Time(s)
unknown (84.200.228.50): 11 Time(s)
admin (128.134.101.39): 7 Time(s)
admin (75.146.23.92): 4 Time(s)
unknown (211.41.128.92): 4 Time(s)
amanda (75.146.23.92): 3 Time(s)
root (211.41.128.92): 3 Time(s)
admin (211.41.128.92): 2 Time(s)
root (202.103.25.139): 2 Time(s)
adm (128.134.101.39): 1 Time(s)
admin (220.225.20.66): 1 Time(s)
admin (84.200.228.50): 1 Time(s)
amavis (61.47.2.168): 1 Time(s)
apache (128.134.101.39): 1 Time(s)
apache (75.146.23.92): 1 Time(s)
ftp (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
ftp (128.134.101.39): 1 Time(s)
ftp (84.200.228.50): 1 Time(s)
games (128.134.101.39): 1 Time(s)
gopher (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
ident (128.134.101.39): 1 Time(s)
mail (128.134.101.39): 1 Time(s)
mysql (128.134.101.39): 1 Time(s)
mysql (84.200.228.50): 1 Time(s)
named (128.134.101.39): 1 Time(s)
news (128.134.101.39): 1 Time(s)
nobody (128.134.101.39): 1 Time(s)
pcap (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
postfix (128.134.101.39): 1 Time(s)
postgres (128.134.101.39): 1 Time(s)
root (211.182.46.119): 1 Time(s)
root (220.225.20.66): 1 Time(s)
root (84.200.228.50): 1 Time(s)
tomcat (128.134.101.39): 1 Time(s)
unknown (122.212.230.101): 1 Time(s)
webalizer (122x212x230x101.ap122.ftth.ucom.ne.jp): 1 Time(s)
Invalid Users:
Unknown Account: 268 Time(s)

su-l:
Unknown Entries:
session closed for user tomcat: 1 Time(s)
session opened for user tomcat by (uid=0): 1 Time(s)


Now what should i do to prevent this.

thank you
 
Old 02-21-2008, 11:54 AM   #2
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 782
Blog Entries: 8

Rep: Reputation: 158Reputation: 158
Most of that looks normal to me.

If it really concerns you, read this sticky thread:

http://www.linuxquestions.org/questi...tempts-340366/

Now, is postgresql accessible from the internet? Is Beaglidx?

Lastly, that su-l/tomcat issue might need to be investigated, unless you're positive that it was you or someone you trust.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP Security Problem carlosinfl Linux - Networking 2 10-26-2005 10:04 AM
The security problem ust Linux - Software 1 07-17-2005 10:57 AM
I have a security problem gubak Linux - Security 4 03-04-2005 08:06 AM
Security Problem.. Loghan Linux - Software 1 08-25-2003 08:56 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:35 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration