[kde-linux] Am I secured ? ( 2nd Hack attempt to my computer )
Nir
nir20sen at aol.com
Fri Jul 13 14:21:51 UTC 2007
First, I apologize if I'm posting this in the wrong group.
I'm using KDE 3.5.7-5.fc6 [Fedora Core 6]
"uname -a" returns "Linux localhost 2.6.20-1.2962.fc6 #1 SMP Tue Jun 19 19:27:14 EDT 2007 i686 i686 i386 GNU/Linux"
These two logwatch mails indicate hack attempts:
[1]
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Fri Jul 13 11:59:27 2007
Date Range Processed: yesterday
( 2007-Jul-12 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: localhost
##################################################################
--------------------- Automount Begin ------------------------
**Unmatched Entries**
create_udp_client: hostname lookup failed: No such process: 5 Time(s)
lookup_read_master: lookup(nisplus): couldn't locat nis+ table auto.master: 6 Time(s)
lookup_mount: exports lookup failed for .directory: 5 Time(s)
create_tcp_client: hostname lookup failed: No such process: 5 Time(s)
---------------------- Automount End -------------------------
--------------------- Init Begin ------------------------
**Unmatched Entries**
open(/dev/pts/0): No such file or directory
open(/dev/pts/0): No such file or directory
open(/dev/pts/0): No such file or directory
open(/dev/pts/0): No such file or directory
---------------------- Init End -------------------------
--------------------- pam_unix Begin ------------------------
runuser:
Unknown Entries:
session closed for user beaglidx: 4 Time(s)
session opened for user beaglidx by (uid=0): 4 Time(s)
sshd:
Authentication Failures:
unknown (207.44.194.31): 9 Time(s)
unknown (62.231.121.176): 4 Time(s)
root (61.152.95.102): 3 Time(s)
Invalid Users:
Unknown Account: 13 Time(s)
su:
Sessions Opened:
root(uid=0) -> nir: 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
Userhelper executed applications:
root -> system-config-network as root: 3 Time(s)
**Unmatched Entries**
runuser: pam_keyinit(runuser:session): Unable to change GID to 58 temporarily
runuser: pam_keyinit(runuser:session): Unable to change GID to 58 temporarily
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Killed: 6 Time(s)
SSHD Started: 6 Time(s)
Failed logins from:
61.152.95.102: 3 times
Illegal users from:
62.231.121.176: 4 times
207.44.194.31 (tfc30.oesm.org): 9 times
Users logging in through sshd:
nir:
127.0.0.1 (localhost.localdomain): 4 times
Received disconnect:
11: Bye Bye : 13 Time(s)
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user recruit : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user akane : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aika : 1 time(s)
reverse mapping checking getaddrinfo for tfc30.oesm.org failed - POSSIBLE BREAK-IN ATTEMPT! : 9 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user amaterasu : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user sales : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user amaya : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aiko : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aimi : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user arisu : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user aoi : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ai : 1 time(s)
pam_keyinit(sshd:session): Unable to change GID to 500 temporarily : 4 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user alias : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user staff : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 15G 3.0G 11G 23% /
/dev/hda5 3.8G 285M 3.4G 8% /home
/dev/hdb1 38G 27G 11G 72% /mnt/Shared
/dev/hda7 41G 534M 38G 2% /mnt/Work_Data
/dev/hda3 38G 5.7G 31G 16% /usr
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[2]
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
################### Logwatch 7.3 (03/24/06) ####################
Processing Initiated: Sat Jul 7 04:30:49 2007
Date Range Processed: yesterday
( 2007-Jul-06 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: localhost
##################################################################
--------------------- Selinux Audit Begin ------------------------
*** Denials ***
root root (file): 4 times
system_u system_u (blk_file): 2 times
---------------------- Selinux Audit End -------------------------
--------------------- Automount Begin ------------------------
**Unmatched Entries**
lookup_read_master: lookup(nisplus): couldn't locat nis+ table auto.master: 2 Time(s)
---------------------- Automount End -------------------------
--------------------- pam_unix Begin ------------------------
runuser:
Unknown Entries:
session closed for user beaglidx: 2 Time(s)
session opened for user beaglidx by (uid=0): 2 Time(s)
sshd:
Authentication Failures:
unknown (61.49.18.88): 49 Time(s)
unknown (dhcp-92-032.cp.eng.chula.ac.th): 18 Time(s)
root (61.49.18.88): 10 Time(s)
apache (61.49.18.88): 1 Time(s)
ftp (61.49.18.88): 1 Time(s)
mysql (61.49.18.88): 1 Time(s)
Invalid Users:
Unknown Account: 67 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
Userhelper executed applications:
root -> system-config-network as root: 2 Time(s)
root -> yumex as root: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- Smartd Begin ------------------------
Offline uncorrectable sectors detected:
/dev/hdb - 20 Time(s)
8 offline uncorrectable sectors detected
Warnings:
Warning via mail to root: successful - 2 Time(s)
Sending warning via mail to root ... - 2 Time(s)
---------------------- Smartd End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Killed: 3 Time(s)
SSHD Started: 2 Time(s)
Failed logins from:
61.49.18.88: 13 times
Illegal users from:
61.49.18.88: 49 times
161.200.92.32 (dhcp-92-032.cp.eng.chula.ac.th): 18 times
Users logging in through sshd:
root:
127.0.0.1 (localhost.localdomain): 3 times
Received disconnect:
11: Bye Bye : 78 Time(s)
**Unmatched Entries**
pam_succeed_if(sshd:auth): error retrieving information about user recruit : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user administrator : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user info : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user h : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user library : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user postmaster : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user sales : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user e : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user tony : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user rfmngr : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user test : 4 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user c : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user virus : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user g : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user linux : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user webmaster : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user spam : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user admin : 6 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user oracle : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user a : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user visitor : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user l : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user webadmin : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user michael : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user k : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user web : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user paul : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user postfix : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user q : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user ftpuser : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user r : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user core : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user m : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user samba : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user tomcat : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user b : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user d : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user username : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user p : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user alias : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user david : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user user : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user guest : 2 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user postgres : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user n : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user i : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user f : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user named : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user o : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user cyrus : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user newsletter : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user j : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user master : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user pgsql : 1 time(s)
pam_succeed_if(sshd:auth): error retrieving information about user office : 1 time(s)
---------------------- SSHD End -------------------------
--------------------- yum Begin ------------------------
Packages Installed:
foobillard.i386 3.0a-5
---------------------- yum End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/hda2 15G 3.1G 11G 24% /
/dev/hda5 3.8G 285M 3.4G 8% /home
/dev/hdb1 38G 27G 11G 72% /mnt/Shared
/dev/hda7 41G 590M 38G 2% /mnt/Work_Data
/dev/hda3 38G 5.7G 31G 16% /usr
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
My current ssh settings:
cat /etc/ssh/sshd_config
# $OpenBSD: sshd_config,v 1.73 2005/12/06 22:38:28 reyk Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
#Port 22
#Protocol 2,1
Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts yes
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication mechanism.
# Depending on your PAM configuration, this may bypass the setting of
# PasswordAuthentication, PermitEmptyPasswords, and
# "PermitRootLogin without-password". If you just want the PAM account and
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
#PermitTunnel no
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
My questions:
1. Were the hacker(s) able to log in to my computer?
2. Are my current settings strong enough to stop hacking?
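The two questions above come down to reading the log for successes rather than attempts, and reading sshd_config for what would let a guessed password turn into a login. The script below is an added example, not code from the original post or from Fedora/OpenSSH: it parses raw sshd lines of the kind logwatch summarises (the sample lines are constructed, reusing source addresses from the reports; the 203.0.113.5 success is invented to exercise the "someone got in" path), and audits an sshd_config excerpt against the defaults assumed for OpenSSH 4.x of that era. `AllowUsers nir` in the hardened excerpt assumes nir is the only account that needs SSH.

```python
"""Added example, not code from the original post: answer "did anyone get
in?" from the raw sshd lines that logwatch summarises, then audit the posted
sshd_config for what lets a password brute force succeed.  All inputs are
constructed for this example."""
import ipaddress
import re
from collections import Counter

# Constructed /var/log/secure excerpt.  Failure sources mirror the reports;
# the 203.0.113.5 (TEST-NET-3) success is invented to show a real remote login.
SAMPLE_SECURE_LOG = """\
Jul 12 03:14:01 localhost sshd[4321]: Invalid user recruit from 207.44.194.31
Jul 12 03:14:01 localhost sshd[4321]: reverse mapping checking getaddrinfo for tfc30.oesm.org failed - POSSIBLE BREAK-IN ATTEMPT!
Jul 12 03:14:03 localhost sshd[4321]: Failed password for invalid user recruit from 207.44.194.31 port 50912 ssh2
Jul 12 03:15:10 localhost sshd[4325]: Failed password for root from 61.152.95.102 port 41022 ssh2
Jul 12 03:15:12 localhost sshd[4325]: Failed password for root from 61.152.95.102 port 41022 ssh2
Jul 12 03:15:14 localhost sshd[4325]: Failed password for root from 61.152.95.102 port 41022 ssh2
Jul 12 09:02:44 localhost sshd[4400]: Accepted password for nir from 127.0.0.1 port 38210 ssh2
Jul 12 21:40:05 localhost sshd[4512]: Accepted password for nir from 203.0.113.5 port 2233 ssh2
"""

RE_ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port \d+")
RE_FAILED = re.compile(r"sshd\[\d+\]: Failed \w+ for (?:invalid user )?(\S+) from (\S+) port \d+")
RE_INVALID = re.compile(r"sshd\[\d+\]: Invalid user (\S+) from (\S+)")


def is_local(src):
    """True for loopback sources, like the 127.0.0.1 logins in the reports."""
    try:
        return ipaddress.ip_address(src).is_loopback
    except ValueError:
        return src in ("localhost", "localhost.localdomain")


def triage_auth_log(text):
    """Separate attempts from successes: only 'remote_accepted' (an Accepted
    line from a non-loopback source) is evidence that someone got in."""
    failed, invalid_users, accepted = Counter(), set(), []
    for line in text.splitlines():
        if m := RE_ACCEPTED.search(line):
            accepted.append({"method": m.group(1), "user": m.group(2), "src": m.group(3)})
        elif m := RE_FAILED.search(line):
            failed[m.group(2)] += 1          # failures counted per source address
        elif m := RE_INVALID.search(line):
            invalid_users.add(m.group(1))    # names probed that do not exist here
    return {
        "failed": failed,
        "invalid_users": invalid_users,
        "accepted": accepted,
        "remote_accepted": [a for a in accepted if not is_local(a["src"])],
    }


def parse_sshd_config(text):
    """Effective directives: comments skipped, keys case-insensitive, first
    occurrence of a keyword wins as sshd_config(5) specifies."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return conf


def audit_sshd_config(text):
    """Flag settings that matter against a password brute force.  Assumed
    defaults for commented-out directives follow the OpenSSH 4.x of that era:
    Protocol 2,1, PermitRootLogin yes, PasswordAuthentication yes, MaxAuthTries 6."""
    c = parse_sshd_config(text)
    findings = []
    if "1" in c.get("protocol", "2,1").split(","):
        findings.append("Protocol 1 enabled; set 'Protocol 2'")
    if c.get("permitrootlogin", "yes") != "no":
        findings.append("PermitRootLogin is not 'no'; root was guessed in both reports")
    if c.get("passwordauthentication", "yes") == "yes":
        findings.append("PasswordAuthentication yes; a guessed password logs in, use keys")
    if "allowusers" not in c and "allowgroups" not in c:
        findings.append("No AllowUsers/AllowGroups; every local account is a target")
    if int(c.get("maxauthtries", "6")) > 3:
        findings.append("MaxAuthTries above 3; lower it to slow guessing per connection")
    return findings


# Constructed excerpts: the effective lines of the posted config, and a
# hardened counterpart ('AllowUsers nir' assumes nir is the only SSH user).
POSTED_CONFIG = """\
Protocol 2
PermitRootLogin no
PasswordAuthentication yes
X11Forwarding yes
"""
HARDENED_CONFIG = """\
Protocol 2
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
ChallengeResponseAuthentication no
AllowUsers nir
MaxAuthTries 3
"""
```

Run over the constructed sample, `triage_auth_log` reports three failures from 61.152.95.102 and one from 207.44.194.31, the probed name `recruit`, and exactly one accepted login from a non-loopback source (the invented 203.0.113.5 line); the reports in the post themselves list only `nir` and `root` logging in from 127.0.0.1, which is the case where `remote_accepted` comes back empty. `audit_sshd_config` returns three findings for the posted settings (password authentication on, no user allow-list, default `MaxAuthTries`) and none for the hardened excerpt. Keep `ChallengeResponseAuthentication no` alongside `PasswordAuthentication no` when `UsePAM yes` is set, otherwise PAM keyboard-interactive can still take a password.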