nibraz |
10-12-2016 05:50 AM |
Quote:
Originally Posted by Turbocapitalist
(Post 5616916)
Ok, you're running CentOS 6.5 which is good until November 2020. Running CentOS 6.5 means that you've got a very old version of OpenSSH, but that it will support tcpd. Really, with the advent of "ipchains", and later "iptables", "tcpd" became mostly irrelevant. According to the configuration you posted for "tcpd" you are using the most basic features and those are better done with the firewall. That would be "iptables" or whatever CentOS 6 has for a front-end for "iptables". With SSH you have a reasonable lock on the front door, but the back porch is open except for an unlatched screen door (FTP).
But back to SSH, your login failures should be showing up in /var/log/secure
What does that log say when you try to connect but fail?
|
Hi Turbo
Is it worth updating the CentOS system itself?
Would it cause any problems for my website running MySQL as its backend DB?
/var/log/secure got this:
Code:
Oct 11 17:17:34 www sshd[20187]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:17:34 www sshd[20187]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:18:07 www sshd[20203]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:07 www sshd[20203]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:18:34 www sshd[20206]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:34 www sshd[20206]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:18:49 www sshd[20209]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:18:49 www sshd[20209]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:20:27 www sshd[20291]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:20:27 www sshd[20291]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:22:41 www sshd[20332]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:22:41 www sshd[20332]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:24:08 www sshd[20371]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:24:08 www sshd[20371]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:30:40 www sshd[20586]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:30:40 www sshd[20586]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:30:41 www sshd[20586]: Invalid user liam from 50.201.67.38
Oct 11 17:30:41 www sshd[20587]: input_userauth_request: invalid user liam
Oct 11 17:30:41 www sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:30:41 www sshd[20586]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 17:30:41 www sshd[20586]: pam_succeed_if(sshd:auth): error retrieving information about user liam
Oct 11 17:30:43 www sshd[20586]: Failed password for invalid user liam from 50.201.67.38 port 19697 ssh2
Oct 11 17:30:43 www sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:30:43 www sshd[20586]: pam_succeed_if(sshd:auth): error retrieving information about user liam
Oct 11 17:30:45 www sshd[20586]: Failed password for invalid user liam from 50.201.67.38 port 19697 ssh2
Oct 11 17:30:45 www sshd[20586]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:30:45 www sshd[20586]: pam_succeed_if(sshd:auth): error retrieving information about user liam
Oct 11 17:30:47 www sshd[20589]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:30:47 www sshd[20589]: refused connect from host109-148-103-166.range109-148.btcentralplus.com (109.148.103.166)
Oct 11 17:30:47 www sshd[20586]: Failed password for invalid user liam from 50.201.67.38 port 19697 ssh2
Oct 11 17:30:47 www sshd[20587]: Connection closed by 50.201.67.38
Oct 11 17:30:47 www sshd[20586]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 17:43:07 www sshd[10291]: pam_unix(sshd:session): session closed for user root
Oct 11 17:45:44 www sshd[21116]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:45:44 www sshd[21116]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:45:46 www sshd[21116]: Invalid user james from 65.242.43.109
Oct 11 17:45:46 www sshd[21117]: input_userauth_request: invalid user james
Oct 11 17:45:46 www sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:45:46 www sshd[21116]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 17:45:46 www sshd[21116]: pam_succeed_if(sshd:auth): error retrieving information about user james
Oct 11 17:45:47 www sshd[21116]: Failed password for invalid user james from 65.242.43.109 port 38408 ssh2
Oct 11 17:45:48 www sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:45:48 www sshd[21116]: pam_succeed_if(sshd:auth): error retrieving information about user james
Oct 11 17:45:49 www sshd[21116]: Failed password for invalid user james from 65.242.43.109 port 38408 ssh2
Oct 11 17:45:50 www sshd[21116]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 17:45:50 www sshd[21116]: pam_succeed_if(sshd:auth): error retrieving information about user james
Oct 11 17:45:52 www sshd[21116]: Failed password for invalid user james from 65.242.43.109 port 38408 ssh2
Oct 11 17:45:52 www sshd[21117]: Connection closed by 65.242.43.109
Oct 11 17:45:52 www sshd[21116]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 17:46:27 www sshd[21135]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:46:27 www sshd[21135]: warning: /etc/hosts.deny, line 14: host name/address mismatch: 89.107.124.244 != nisipp3.canmos.ru
Oct 11 17:46:27 www sshd[21135]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:46:27 www sshd[21135]: Did not receive identification string from 89.107.124.244
Oct 11 17:46:27 www sshd[21136]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:46:27 www sshd[21136]: warning: /etc/hosts.deny, line 14: host name/address mismatch: 89.107.124.244 != nisipp3.canmos.ru
Oct 11 17:46:27 www sshd[21136]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:46:30 www sshd[21136]: Address 89.107.124.244 maps to nisipp3.canmos.ru, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 11 17:46:30 www sshd[21136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=89.107.124.244 user=root
Oct 11 17:46:32 www sshd[21136]: Failed password for root from 89.107.124.244 port 59373 ssh2
Oct 11 17:46:32 www sshd[21137]: Received disconnect from 89.107.124.244: 11: Bye Bye
Oct 11 18:16:29 www sshd[21942]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:29 www sshd[21942]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:29 www sshd[21942]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:31 www sshd[21942]: Failed password for root from 163.172.16.102 port 37657 ssh2
Oct 11 18:16:31 www sshd[21943]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:31 www sshd[21944]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:31 www sshd[21944]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:32 www sshd[21944]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:33 www sshd[21944]: Failed password for root from 163.172.16.102 port 51357 ssh2
Oct 11 18:16:33 www sshd[21945]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:33 www sshd[21946]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:33 www sshd[21946]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:33 www sshd[21946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:35 www sshd[21946]: Failed password for root from 163.172.16.102 port 33535 ssh2
Oct 11 18:16:35 www sshd[21947]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:35 www sshd[21948]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:35 www sshd[21948]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:35 www sshd[21948]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu user=root
Oct 11 18:16:37 www sshd[21948]: Failed password for root from 163.172.16.102 port 45033 ssh2
Oct 11 18:16:37 www sshd[21949]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:16:37 www sshd[21950]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:16:37 www sshd[21950]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:16:38 www sshd[21950]: Invalid user pi from 163.172.16.102
Oct 11 18:16:38 www sshd[21951]: input_userauth_request: invalid user pi
Oct 11 18:16:38 www sshd[21950]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:16:38 www sshd[21950]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=163-172-16-102.rev.poneytelecom.eu
Oct 11 18:16:38 www sshd[21950]: pam_succeed_if(sshd:auth): error retrieving information about user pi
Oct 11 18:16:39 www sshd[21950]: Failed password for invalid user pi from 163.172.16.102 port 57511 ssh2
Oct 11 18:16:39 www sshd[21951]: Received disconnect from 163.172.16.102: 11: Bye Bye
Oct 11 18:19:10 www sshd[22018]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:19:10 www sshd[22018]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:19:40 www sshd[22021]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:19:40 www sshd[22021]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:21:09 www sshd[22103]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:21:09 www sshd[22103]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:21:10 www sshd[22103]: Invalid user help from 50.201.67.38
Oct 11 18:21:10 www sshd[22104]: input_userauth_request: invalid user help
Oct 11 18:21:10 www sshd[22103]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:21:10 www sshd[22103]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 18:21:10 www sshd[22103]: pam_succeed_if(sshd:auth): error retrieving information about user help
Oct 11 18:21:12 www sshd[22103]: Failed password for invalid user help from 50.201.67.38 port 1777 ssh2
Oct 11 18:21:12 www sshd[22103]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:21:12 www sshd[22103]: pam_succeed_if(sshd:auth): error retrieving information about user help
Oct 11 18:21:14 www sshd[22103]: Failed password for invalid user help from 50.201.67.38 port 1777 ssh2
Oct 11 18:21:14 www sshd[22103]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:21:14 www sshd[22103]: pam_succeed_if(sshd:auth): error retrieving information about user help
Oct 11 18:21:15 www sshd[22103]: Failed password for invalid user help from 50.201.67.38 port 1777 ssh2
Oct 11 18:21:15 www sshd[22104]: Connection closed by 50.201.67.38
Oct 11 18:21:15 www sshd[22103]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=50-201-67-38-static.hfc.comcastbusiness.net
Oct 11 18:29:34 www sshd[22288]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:29:34 www sshd[22288]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:29:42 www sshd[22289]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:29:42 www sshd[22289]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:34:09 www sshd[22429]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:34:09 www sshd[22429]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:37:34 www sshd[22525]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:37:34 www sshd[22525]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:37:35 www sshd[22525]: Invalid user odoo from 65.242.43.109
Oct 11 18:37:35 www sshd[22526]: input_userauth_request: invalid user odoo
Oct 11 18:37:35 www sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:37:35 www sshd[22525]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 18:37:35 www sshd[22525]: pam_succeed_if(sshd:auth): error retrieving information about user odoo
Oct 11 18:37:37 www sshd[22525]: Failed password for invalid user odoo from 65.242.43.109 port 38408 ssh2
Oct 11 18:37:37 www sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:37:37 www sshd[22525]: pam_succeed_if(sshd:auth): error retrieving information about user odoo
Oct 11 18:37:39 www sshd[22525]: Failed password for invalid user odoo from 65.242.43.109 port 38408 ssh2
Oct 11 18:37:39 www sshd[22525]: pam_unix(sshd:auth): check pass; user unknown
Oct 11 18:37:39 www sshd[22525]: pam_succeed_if(sshd:auth): error retrieving information about user odoo
Oct 11 18:37:41 www sshd[22525]: Failed password for invalid user odoo from 65.242.43.109 port 38408 ssh2
Oct 11 18:37:41 www sshd[22526]: Connection closed by 65.242.43.109
Oct 11 18:37:41 www sshd[22525]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=65.242.43.109
Oct 11 18:57:18 www sshd[23047]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:57:18 www sshd[23047]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:58:12 www sshd[23064]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:58:12 www sshd[23064]: warning: /etc/hosts.deny, line 14: host name/address mismatch: 222.138.139.252 != hn.kd.ny.adsl
Oct 11 18:58:12 www sshd[23064]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:58:14 www sshd[23064]: Address 222.138.139.252 maps to hn.kd.ny.adsl, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT!
Oct 11 18:58:14 www sshd[23064]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.138.139.252 user=root
Oct 11 18:58:15 www sshd[23064]: Failed password for root from 222.138.139.252 port 54792 ssh2
Oct 11 18:58:16 www sshd[23066]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:58:16 www sshd[23066]: refused connect from host86-161-198-208.range86-161.btcentralplus.com (xxx.xxx.xx.xx)
Oct 11 18:58:17 www sshd[23064]: Failed password for root from 222.138.139.252 port 54792 ssh2
Oct 11 18:58:19 www sshd[23064]: Failed password for root from 222.138.139.252 port 54792 ssh2
Oct 11 18:58:19 www sshd[23065]: Connection closed by 222.138.139.252
Oct 11 18:58:19 www sshd[23064]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.138.139.252 user=root
Oct 11 18:59:15 www sshd[23086]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 18:59:15 www sshd[23086]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 18:59:15 www sshd[23086]: Invalid user test1 from 46.32.53.44
|
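A small triage script for a /var/log/secure excerpt like the one posted above, added here as an example and not part of the original thread. It separates connections rejected by tcpd ("refused connect") from password failures that reached sshd authentication, and lists the hosts.allow/hosts.deny lines that tcpd warned about. The sample lines are constructed in the same format with documentation-range addresses, and the function name `triage` is hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the same format as the posted log (not real hosts).
SAMPLE = """\
Oct 11 17:17:34 www sshd[20187]: warning: /etc/hosts.allow, line 10: missing newline or line too long
Oct 11 17:17:34 www sshd[20187]: refused connect from client.example.net (192.0.2.10)
Oct 11 17:30:40 www sshd[20586]: warning: /etc/hosts.deny, line 14: missing newline or line too long
Oct 11 17:30:41 www sshd[20586]: Invalid user liam from 198.51.100.7
Oct 11 17:30:43 www sshd[20586]: Failed password for invalid user liam from 198.51.100.7 port 19697 ssh2
Oct 11 17:30:45 www sshd[20586]: Failed password for invalid user liam from 198.51.100.7 port 19697 ssh2
Oct 11 17:46:32 www sshd[21136]: Failed password for root from 203.0.113.5 port 59373 ssh2
"""

# tcpd complaining about a malformed rule line in hosts.allow / hosts.deny
WARN = re.compile(r"warning: (/etc/hosts\.(?:allow|deny)), line (\d+): "
                  r"missing newline or line too long")
# tcpd rejected the connection before any authentication took place
REFUSED = re.compile(r"refused connect from \S+ \(([^)]+)\)")
# connection passed tcpd and failed at password authentication
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port")


def triage(text):
    """Summarise sshd lines: malformed tcpd rules, tcpd refusals, auth failures."""
    bad_rules, refused, failed = Counter(), Counter(), {}
    for line in text.splitlines():
        if " sshd[" not in line:          # ignore other daemons
            continue
        if m := WARN.search(line):
            bad_rules[(m.group(1), int(m.group(2)))] += 1
        elif m := REFUSED.search(line):
            refused[m.group(1)] += 1
        elif m := FAILED.search(line):
            user, ip = m.groups()
            entry = failed.setdefault(ip, {"count": 0, "users": set()})
            entry["count"] += 1
            entry["users"].add(user)
    return {"bad_rules": dict(bad_rules), "refused": dict(refused), "failed": failed}


if __name__ == "__main__":
    report = triage(SAMPLE)
    for (path, lineno), n in report["bad_rules"].items():
        print(f"check {path} line {lineno}: warned {n} time(s)")
    for ip, n in report["refused"].items():
        print(f"tcpd refused {ip}: {n} connection(s)")
    for ip, info in report["failed"].items():
        print(f"auth failures from {ip}: {info['count']} ({sorted(info['users'])})")
```

An address that appears under "refused" was stopped by the hosts.allow/hosts.deny rules, while one that appears under "failed" was let through to the password prompt.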