LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 03-12-2005, 06:16 AM   #1
bschiett
Member
 
Registered: Feb 2005
Posts: 32

Rep: Reputation: 15
weird stuff in /var/log/auth.log


Hi all,

I'm new to linux and I've just set up an arch linux box. i was looking in /var/log/auth.log this morning to debug something when I found this:



Mar 11 19:54:52 sponge sshd[3653]: Invalid user horde from 61.218.16.227
Mar 11 19:54:52 sponge sshd[3653]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:52 sponge sshd[3653]: error: Could not get shadow information for NOUSER
Mar 11 19:54:52 sponge sshd[3653]: Failed password for invalid user horde from 61.218.16.227 port 46646 ssh2
Mar 11 19:54:52 sponge sshd[3653]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:55 sponge sshd[3656]: Invalid user cyrus from 61.218.16.227
Mar 11 19:54:55 sponge sshd[3656]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:55 sponge sshd[3656]: error: Could not get shadow information for NOUSER
Mar 11 19:54:55 sponge sshd[3656]: Failed password for invalid user cyrus from 61.218.16.227 port 46690 ssh2
Mar 11 19:54:55 sponge sshd[3656]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:58 sponge sshd[3659]: Invalid user www from 61.218.16.227
Mar 11 19:54:58 sponge sshd[3659]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:54:58 sponge sshd[3659]: error: Could not get shadow information for NOUSER
Mar 11 19:54:58 sponge sshd[3659]: Failed password for invalid user www from 61.218.16.227 port 46730 ssh2
Mar 11 19:54:58 sponge sshd[3659]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:01 sponge sshd[3662]: Invalid user wwwrun from 61.218.16.227
Mar 11 19:55:01 sponge sshd[3662]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:01 sponge sshd[3662]: error: Could not get shadow information for NOUSER
Mar 11 19:55:01 sponge sshd[3662]: Failed password for invalid user wwwrun from 61.218.16.227 port 46775 ssh2
Mar 11 19:55:01 sponge sshd[3662]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:04 sponge sshd[3665]: Invalid user matt from 61.218.16.227
Mar 11 19:55:04 sponge sshd[3665]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:04 sponge sshd[3665]: error: Could not get shadow information for NOUSER
Mar 11 19:55:04 sponge sshd[3665]: Failed password for invalid user matt from 61.218.16.227 port 46818 ssh2
Mar 11 19:55:04 sponge sshd[3665]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:07 sponge sshd[3668]: Invalid user test from 61.218.16.227
Mar 11 19:55:07 sponge sshd[3668]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:07 sponge sshd[3668]: error: Could not get shadow information for NOUSER
Mar 11 19:55:07 sponge sshd[3668]: Failed password for invalid user test from 61.218.16.227 port 46864 ssh2
Mar 11 19:55:07 sponge sshd[3668]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:12 sponge sshd[3671]: Invalid user test from 61.218.16.227
Mar 11 19:55:12 sponge sshd[3671]: Excess permission or bad ownership on file /var/log/btmp
Mar 11 19:55:12 sponge sshd[3671]: error: Could not get shadow information for NOUSER
Mar 11 19:55:12 sponge sshd[3671]: Failed password for invalid user test from 61.218.16.227 port 46910 ssh2
Mar 11 19:55:12 sponge sshd[3671]: Excess permission or bad ownership on file /var/log/btmp



is this somebody trying to login to my machine using SSH by picking random accounts?


thanks!
 
Old 03-12-2005, 06:38 AM   #2
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
Someone from Taiwan is trying to break in. The address 61... is blacklisted BTW.

2005-03-12 LIST.DSBL.ORG
2005-03-12 DNSBL.SORBS.NET

Habit to use strong passwords seems to be a good idea ...
 
Old 03-12-2005, 07:23 AM   #3
bschiett
Member
 
Registered: Feb 2005
Posts: 32

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by Emerson
Someone from Taiwan is trying to break in. The address 61... is blacklisted BTW.

2005-03-12 LIST.DSBL.ORG
2005-03-12 DNSBL.SORBS.NET

Habit to use strong passwords seems to be a good idea ...
thanks for the info!

is there a limit on the ssh password i can use? e.g. can I use a longer password than 8 letters/digits/symbols?
 
Old 03-12-2005, 08:29 AM   #4
Emerson
Senior Member
 
Registered: Nov 2004
Location: Saint Amant, Acadiana
Distribution: Gentoo ~
Posts: 3,177

Rep: Reputation: Disabled
Security is a very comprehensive field. Unfortunately, I'm not a security expert. I think it's time to learn more about it, thank you, you triggered my interest. Right now I can say:
You can have longer system wide passwords.
However, meaningless combination of 8 upper- and lowercase symbols and digits is strong enough.
Network root access should be denied and limited su (sudo) used instead.
You can limit ssh access to certain users.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/messages weird entries blizunt7 Linux - Security 5 11-01-2005 05:56 PM
suspicious entry in /var/log/auth.log buehler Linux - Security 5 04-27-2005 05:11 PM
/var/log/auth.log entries buehler Linux - Security 1 04-23-2005 04:45 PM
weird network jibberish in /var/log/messages - how to remove? chibi Linux - Networking 3 09-22-2004 10:17 AM
weird mesg. in /var/log/httpd/access_log aimstr8 Linux - General 7 08-16-2001 01:01 PM


All times are GMT -5. The time now is 10:32 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration