02-11-2006, 09:52 PM
|
#1
|
LQ Newbie
Registered: Jan 2006
Posts: 8
Rep:
|
OK, what's this in my var/log/secure????
Hi Folks,
I am new to Linux and I was poking around in /var/log/*. I found a lot of "stuff" in the secure file as well as messages.
Here is some of the stuff in /var/log/secure:
Feb 10 21:49:53 localhost sshd[7857]: Failed password for invalid user admins from 218.146.254.87 port 51145 ssh2
Feb 10 21:49:57 localhost sshd[7859]: Failed password for bin from 218.146.254.87 port 51205 ssh2
Feb 10 21:50:02 localhost sshd[7862]: Failed password for daemon from 218.146.254.87 port 51649 ssh2
Feb 10 21:50:06 localhost sshd[7864]: Failed password for lp from 218.146.254.87 port 52100 ssh2
Feb 10 21:50:11 localhost sshd[7866]: Failed password for sync from 218.146.254.87 port 52565 ssh2
Feb 10 21:50:15 localhost sshd[7869]: Failed password for shutdown from 218.146.254.87 port 53002 ssh2
Feb 10 21:50:19 localhost sshd[7871]: Failed password for halt from 218.146.254.87 port 53460 ssh2
Feb 10 21:50:24 localhost sshd[7873]: Failed password for uucp from 218.146.254.87 port 53928 ssh2
Feb 10 21:50:28 localhost sshd[7875]: Failed password for smmsp from 218.146.254.87 port 54389 ssh2
And here is some from /var/log/messages:
Feb 11 22:35:11 localhost sshd(pam_unix)[16645]: check pass; user unknown
Feb 11 22:35:11 localhost sshd(pam_unix)[16645]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:15 localhost sshd(pam_unix)[16648]: check pass; user unknown
Feb 11 22:35:15 localhost sshd(pam_unix)[16648]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:20 localhost sshd(pam_unix)[16650]: check pass; user unknown
Feb 11 22:35:20 localhost sshd(pam_unix)[16650]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:26 localhost sshd(pam_unix)[16652]: check pass; user unknown
Feb 11 22:35:26 localhost sshd(pam_unix)[16652]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:36 localhost sshd(pam_unix)[16655]: check pass; user unknown
Feb 11 22:35:36 localhost sshd(pam_unix)[16655]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:42 localhost sshd(pam_unix)[16657]: check pass; user unknown
Feb 11 22:35:42 localhost sshd(pam_unix)[16657]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:50 localhost sshd(pam_unix)[16660]: check pass; user unknown
Feb 11 22:35:50 localhost sshd(pam_unix)[16660]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:35:58 localhost sshd(pam_unix)[16662]: check pass; user unknown
Feb 11 22:35:58 localhost sshd(pam_unix)[16662]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Feb 11 22:36:10 localhost sshd(pam_unix)[16679]: check pass; user unknown
Feb 11 22:36:10 localhost sshd(pam_unix)[16679]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=spcomputing.demon.co.uk
Is this something to be concerned with??
I do have a port open which has been closed. Is having a port open on my router for ssh bad??
Thank you for your time!
|
|
|
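Added example (not part of the original posts): one way to triage an excerpt like the /var/log/secure lines above, grouping failed sshd password attempts by source address and flagging a source that cycles through many account names. The year, the threshold, the function names and the last sample line (192.0.2.10, user alice) are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# First nine lines: the /var/log/secure excerpt from the post above.
# Last line: constructed (documentation address), a lone failed login.
SAMPLE = """\
Feb 10 21:49:53 localhost sshd[7857]: Failed password for invalid user admins from 218.146.254.87 port 51145 ssh2
Feb 10 21:49:57 localhost sshd[7859]: Failed password for bin from 218.146.254.87 port 51205 ssh2
Feb 10 21:50:02 localhost sshd[7862]: Failed password for daemon from 218.146.254.87 port 51649 ssh2
Feb 10 21:50:06 localhost sshd[7864]: Failed password for lp from 218.146.254.87 port 52100 ssh2
Feb 10 21:50:11 localhost sshd[7866]: Failed password for sync from 218.146.254.87 port 52565 ssh2
Feb 10 21:50:15 localhost sshd[7869]: Failed password for shutdown from 218.146.254.87 port 53002 ssh2
Feb 10 21:50:19 localhost sshd[7871]: Failed password for halt from 218.146.254.87 port 53460 ssh2
Feb 10 21:50:24 localhost sshd[7873]: Failed password for uucp from 218.146.254.87 port 53928 ssh2
Feb 10 21:50:28 localhost sshd[7875]: Failed password for smmsp from 218.146.254.87 port 54389 ssh2
Feb 10 22:15:02 localhost sshd[7901]: Failed password for alice from 192.0.2.10 port 40022 ssh2
"""

FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(invalid user )?(\S+) from (\S+) port \d+")

def summarize(log_text, year=2006):
    """Group failed sshd password attempts by source address."""
    sources = defaultdict(lambda: {"users": set(), "invalid": 0, "times": []})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        ts, invalid, user, src = m.groups()
        # syslog omits the year; one is supplied (assumption) for strptime
        when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
        sources[src]["users"].add(user)
        sources[src]["invalid"] += bool(invalid)  # "invalid user" = no such account
        sources[src]["times"].append(when)
    return sources

def sweeps(sources, min_users=5):
    """Sources that tried at least min_users distinct account names.
    Value: (distinct names, names that do not exist locally, seconds spanned)."""
    flagged = {}
    for src, rec in sources.items():
        span = int((max(rec["times"]) - min(rec["times"])).total_seconds())
        if len(rec["users"]) >= min_users:
            flagged[src] = (len(rec["users"]), rec["invalid"], span)
    return flagged
```

On the posted excerpt this flags only 218.146.254.87: nine different account names in 35 seconds, eight of them accounts that exist on the machine.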
02-11-2006, 10:57 PM
|
#2
|
Member
Registered: Feb 2005
Location: ~h3av3n~
Distribution: RHEL 4, Fedora Core 3,6,7 Centos 5, Ubuntu 7.04
Posts: 227
Rep:
|
|
|
|
02-12-2006, 07:16 PM
|
#3
|
LQ Newbie
Registered: Jan 2006
Posts: 8
Original Poster
Rep:
|
I suppose this is normal?
Should I be concerned about it?
Thanks!
|
|
|
02-12-2006, 07:46 PM
|
#4
|
Senior Member
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,141
Rep: 
|
If you have strong passwords (better, use keys instead of passwords for your remote connections), no root login allowed (use su), and protocol 2 only, then you have a strong base set up. Googling on securing ssh returns a bunch of sites for further tweaks.
|
|
|
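Added example (not part of the original posts): a small check of an sshd_config against the three settings named in the reply above (protocol 2 only, no root login, keys instead of passwords). Both config texts are constructed, and the function names and the WANTED table are assumptions of the example.

```python
# Constructed sshd_config texts for the example; not taken from the thread.
WEAK = """\
# sshd_config (constructed)
Protocol 2,1
PermitRootLogin yes
PasswordAuthentication yes
PermitRootLogin no
"""
HARDENED = """\
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
"""

# keyword -> values that match the advice in the reply.
# Protocol only matters on old OpenSSH builds that still implement protocol 1.
WANTED = {
    "protocol": {"2"},
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
}

def effective(config_text):
    """Global settings as sshd reads them: keywords are case-insensitive and
    the first value obtained for a keyword wins; later duplicates are ignored."""
    seen = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.replace("=", " ", 1).split(None, 1)  # tolerate keyword=value
        key = parts[0].lower()
        if key == "match":  # conditional overrides start here; stop at globals
            break
        value = parts[1].strip().strip('"').lower() if len(parts) > 1 else ""
        seen.setdefault(key, value)
    return seen

def audit(config_text):
    """Return {keyword: finding} for every WANTED setting that is off."""
    cfg = effective(config_text)
    findings = {}
    for key, accepted in WANTED.items():
        if key not in cfg:
            findings[key] = "not set; the built-in default of this sshd applies"
        elif cfg[key] not in accepted:
            findings[key] = f"set to {cfg[key]!r}"
    return findings
```

The WEAK text shows the case that is easy to miss: appending `PermitRootLogin no` below an earlier `PermitRootLogin yes` changes nothing, because the first value is the one in effect.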
02-12-2006, 07:48 PM
|
#5
|
Senior Member
Registered: Jan 2004
Location: Roughly 29.467N / 81.206W
Distribution: OpenBSD, Debian, FreeBSD
Posts: 1,450
Rep:
|
Yep, it is normal and it's no great concern. You should make sure all non-user accounts have a * in their password field and an invalid shell -- but this is the default situation on every system I have seen.
Also, disable root login for ssh (probably already done as a default) and make sure all your users have good passwords. And/or you can limit the users who can log in through ssh as well -- if you have several users who should never connect remotely.
But... for the most part... you have little to worry about. These automated scripts are very common but not very effective against machines which weren't massively misconfigured.
|
|
|
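Added example (not part of the original posts): a check for the condition described in the reply above, that every non-user account has a locked password field and no usable login shell. The passwd, shadow and shell-list excerpts are constructed, and the function name and the uid_min cut-off are assumptions of the example.

```python
# Constructed /etc/passwd, /etc/shadow and /etc/shells excerpts (not from the
# thread); the account names are ones the scanner tried in the posted log.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
lp:x:4:7:lp:/var/spool/lpd:/bin/bash
sync:x:5:0:sync:/sbin:/bin/sync
uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash
"""
SHADOW = """\
root:$1$constructed$hash:13190:0:99999:7:::
bin:*:13190:0:99999:7:::
daemon:*:13190:0:99999:7:::
lp:*:13190:0:99999:7:::
sync:*:13190:0:99999:7:::
uucp:$1$constructed$hash:13190:0:99999:7:::
alice:$1$constructed$hash:13190:0:99999:7:::
"""
LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/ksh"}

def audit_system_accounts(passwd, shadow, shells=LOGIN_SHELLS, uid_min=500):
    """Findings for non-user accounts (0 < uid < uid_min).
    uid_min is an assumption: 500 on older Red Hat systems, 1000 on many others."""
    pw_field = {}
    for line in filter(None, shadow.splitlines()):
        name, pw = line.split(":")[:2]
        pw_field[name] = pw
    findings = {}
    for line in filter(None, passwd.splitlines()):
        name, _, uid, _, _, _, shell = line.split(":")
        if not 0 < int(uid) < uid_min:
            continue  # root and ordinary users are out of scope here
        problems = []
        pw = pw_field.get(name)
        if pw is None:
            problems.append("no shadow entry")
        elif pw == "":
            problems.append("empty password field")
        elif pw[0] not in "*!":  # "*" or "!" means no password can match
            problems.append("password set")
        if shell in shells:
            problems.append(f"login shell {shell}")
        if problems:
            findings[name] = problems
    return findings
```

Reading the real /etc/shadow requires root; in the constructed data only lp (a login shell) and uucp (a password hash) are reported.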