Auth.log
Hi,
I was just checking some logs on a woody box and just want to clarify
something.
Stuff like this :
Nov 3 00:05:59 donate PAM_unix[3656]: authentication failure; (uid=0)
-> root for ssh service
Nov 3 00:06:00 donate sshd[3656]: Failed password for root from
61.218.125.178 port 39086 ssh2
Nov 3 00:06:03 donate PAM_unix[3658]: authentication failure; (uid=0)
-> root for ssh service
Nov 3 00:06:05 donate sshd[3658]: Failed password for root from
61.218.125.178 port 40074 ssh2
Nov 3 00:06:08 donate PAM_unix[3660]: authentication failure; (uid=0)
-> root for ssh service
Nov 3 00:06:10 donate sshd[3660]: Failed password for root from
61.218.125.178 port 41245 ssh2
Nov 3 00:06:13 donate PAM_unix[3662]: authentication failure; (uid=0)
-> root for ssh service
Nov 3 00:06:15 donate sshd[3662]: Failed password for root from
61.218.125.178 port 42025 ssh2
Nov 3 00:06:18 donate PAM_unix[3664]: authentication failure; (uid=0)
-> root for ssh service
Nov 3 00:06:20 donate sshd[3664]: Failed password for root from
61.218.125.178 port 43186 ssh2
Nov 3 00:06:23 donate PAM_unix[3666]: authentication failure; (uid=0)
-> root for ssh service
Nov 3 00:06:25 donate sshd[3666]: Failed password for root from
61.218.125.178 port 43958 ssh2
..and there are pages and pages of it.
This is someone trying to login as root right ?
I have ssh configured so root cannot login, but I want to show some
stats to management to elevate the need to be security conscious, are
there any packages which will analyse these logs and produce a nice
report, a summary perhaps ?
thanks
Matt Joyce
Children's Cancer Institute Australia
http://www.ccia.org.au
Reply to:
- Follow-Ups:
- Re: Auth.log
- From: Andrea Vettorello <andrea.vettorello@gmail.com>
- Re: Auth.log
- From: Shreyas Ananthan <shreyas@stallion.umd.edu>