Why I use OSSEC

There are some great reasons to use OSSEC. One of them is that you get emails like these, which I received this morning:

Jun 10 09:24:51 pukwudgie sshd[28651]: Failed password for invalid user pureftp from 202.121.49.62 port 45542 ssh2
Jun 10 09:24:48 pukwudgie sshd[28651]: Invalid user pureftp from 202.121.49.62
Jun 10 09:24:29 pukwudgie sshd[28630]: Failed password for invalid user tom from 202.121.49.62 port 37388 ssh2
Jun 10 09:24:28 pukwudgie sshd[28630]: Invalid user tom from 202.121.49.62
Jun 10 09:24:11 pukwudgie sshd[28628]: Failed password for invalid user peter from 202.121.49.62 port 57468 ssh2
Jun 10 09:24:09 pukwudgie sshd[28628]: Invalid user peter from 202.121.49.62
Jun 10 09:23:52 pukwudgie sshd[28610]: Failed password for invalid user thom from 202.121.49.62 port 49315 ssh2
Jun 10 09:26:39 pukwudgie sshd[28730]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62 user=root
Jun 10 09:25:43 pukwudgie sshd[28690]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62
Jun 10 09:25:24 pukwudgie sshd[28672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62
Jun 10 09:25:05 pukwudgie sshd[28653]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62
Jun 10 09:24:48 pukwudgie sshd[28651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62
Jun 10 09:24:28 pukwudgie sshd[28630]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62
Jun 10 09:24:09 pukwudgie sshd[28628]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=202.121.49.62
Jun 10 09:44:08 pukwudgie sshd[29440]: pam_succeed_if(sshd:auth): error retrieving information about user recruit
Jun 10 09:44:46 pukwudgie sshd[29478]: pam_succeed_if(sshd:auth): error retrieving information about user office
Jun 10 09:45:25 pukwudgie sshd[29497]: pam_succeed_if(sshd:auth): error retrieving information about user tomcat
Jun 10 09:45:05 pukwudgie sshd[29480]: pam_succeed_if(sshd:auth): error retrieving information about user samba
Jun 10 09:45:42 pukwudgie sshd[29514]: pam_succeed_if(sshd:auth): error retrieving information about user webadmin
Jun 10 09:47:02 pukwudgie sshd[29555]: Failed password for invalid user spam from 202.121.49.62 port 45351 ssh2
Jun 10 09:46:59 pukwudgie sshd[29555]: Invalid user spam from 202.121.49.62
Jun 10 09:46:43 pukwudgie sshd[29538]: Failed password for invalid user ssh2 from 202.121.49.62 port 37198 ssh2
Jun 10 09:46:40 pukwudgie sshd[29538]: Invalid user ssh2 from 202.121.49.62
Jun 10 09:46:03 pukwudgie sshd[29518]: Failed password for invalid user jambo from 202.121.49.62 port 49116 ssh2
Jun 10 09:46:01 pukwudgie sshd[29518]: Invalid user jambo from 202.121.49.62
Jun 10 09:45:45 pukwudgie sshd[29514]: Failed password for invalid user webadmin from 202.121.49.62 port 40961 ssh2

Etcetera, etcetera…
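
An alert like the one above comes from correlating repeated sshd failures from a single source. The Python script below is an added example, not part of the original post and not OSSEC's own rule engine: it counts failed-password lines per source address in a sliding time window. The sample log, the documentation addresses, the threshold, the window and the assumed year are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the sshd/PAM formats shown above (documentation IPs, not real hosts).
SAMPLE = """\
Jun 10 09:23:52 host sshd[101]: Failed password for invalid user thom from 192.0.2.10 port 49315 ssh2
Jun 10 09:24:09 host sshd[102]: Invalid user peter from 192.0.2.10
Jun 10 09:24:09 host sshd[102]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.10
Jun 10 09:24:11 host sshd[102]: Failed password for invalid user peter from 192.0.2.10 port 57468 ssh2
Jun 10 09:24:29 host sshd[103]: Failed password for invalid user tom from 192.0.2.10 port 37388 ssh2
Jun 10 09:24:51 host sshd[104]: Failed password for invalid user pureftp from 192.0.2.10 port 45542 ssh2
Jun 10 09:30:00 host sshd[200]: Failed password for alice from 198.51.100.7 port 50000 ssh2
"""

LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse_failures(text, year=2000):
    """Yield (timestamp, user, source_ip) for each failed-password line."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            # syslog timestamps carry no year; the caller supplies one (assumption)
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def brute_force_sources(text, threshold=4, window=timedelta(minutes=2)):
    """Return {ip: sorted usernames tried} for every source with at least
    `threshold` failures inside any sliding window of length `window`."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(text):
        by_ip[ip].append((ts, user))
    flagged = {}
    for ip, events in by_ip.items():
        events.sort()  # alert emails do not list lines in time order
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # drop failures that fell out of the window
            if end - start + 1 >= threshold:
                flagged[ip] = sorted({u for _, u in events})
                break
    return flagged

if __name__ == "__main__":
    for ip, users in brute_force_sources(SAMPLE).items():
        print(f"possible SSH brute force from {ip}: tried {', '.join(users)}")
```

Only the `Failed password` lines are counted, because the `Invalid user` and `pam_unix` lines describe the same attempts and would inflate the total.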
