Log files

Everything about the security of the system and the applications
soldier601
Posts: 8
Joined: 2007-07-07 02:28
 

Log files

Post by soldier601 »

Good day, everyone.

I got my own root server a few weeks ago. Beforehand I studied Linux thoroughly and worked on my second computer with the distro that I also use on the root server. I also read up on many security aspects and applied them on my root server (e.g. that you cannot log in as root via SSH). There is only one thing I have not been able to understand so far... the log files; here, for example, is the "warn" log file:
Jun 26 15:26:16 suse100m syslog-ng[4801]: Changing permissions on special file /dev/xconsole
Jun 26 15:26:16 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10
Jun 26 15:26:16 suse100m kernel: shpchp: shpc_init : shpc_cap_offset == 0
Jun 26 15:26:16 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 15:26:16 suse100m kernel: ACPI: PCI Interrupt Link [ALKB] enabled at IRQ 21
Jun 26 15:26:16 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 15:26:16 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 15:26:16 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 15:26:16 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 15:26:16 suse100m kernel: cpu_init done, current fid 0xe, vid 0x8
Jun 26 15:26:17 suse100m ifup: No configuration found for sit0
Jun 26 15:46:06 suse100m kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jun 26 15:47:04 suse100m kernel: ip6_tables: (C) 2000-2002 Netfilter core team
Jun 26 15:47:04 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 15:47:04 suse100m kernel: ip_conntrack version 2.1 (8192 buckets, 65536 max) - 248 bytes per conntrack
Jun 26 15:47:04 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 15:47:04 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 15:47:15 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 15:47:15 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 15:47:15 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 15:47:15 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 16:21:34 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 16:21:34 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 16:21:34 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 16:21:34 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 16:22:34 suse100m syslog-ng[4801]: Changing permissions on special file /dev/xconsole
Jun 26 16:22:34 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10
Jun 26 16:22:34 suse100m sshd[7212]: error: PAM: Authentication failure for ts2 from xdsl-213-196-195-99.netcologne.de
Jun 26 16:37:25 suse100m sshd[7293]: error: PAM: Authentication failure for ts2 from xdsl-213-196-195-99.netcologne.de
Jun 26 16:41:26 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 16:41:26 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 16:41:26 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 16:41:26 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 18:09:18 suse100m sshd[8061]: error: PAM: Authentication failure for root from xdsl-213-196-195-99.netcologne.de
Jun 26 18:09:27 suse100m sshd[8061]: error: PAM: Authentication failure for root from xdsl-213-196-195-99.netcologne.de
Jun 26 18:16:52 suse100m syslog-ng[4801]: Changing permissions on special file /dev/xconsole
Jun 26 18:16:52 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10
Jun 26 18:16:52 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 18:16:53 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 18:19:46 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 18:19:46 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 18:19:46 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 18:19:46 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 19:32:02 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 19:32:02 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 19:32:02 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 19:32:02 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 21:59:46 suse100m syslog-ng[4801]: Changing permissions on special file /dev/xconsole
Jun 26 21:59:46 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10
Jun 26 21:59:46 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 21:59:47 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 22:10:35 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 22:10:35 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 22:27:59 suse100m syslog-ng[4801]: Changing permissions on special file /dev/xconsole
Jun 26 22:27:59 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10
Jun 26 22:27:59 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 22:28:00 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 22:30:23 suse100m syslog-ng[4801]: Changing permissions on special file /dev/xconsole
Jun 26 22:30:23 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10
Jun 26 22:30:23 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 22:30:24 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 22:46:59 suse100m syslog-ng[4804]: Changing permissions on special file /dev/xconsole
Jun 26 22:46:59 suse100m syslog-ng[4804]: Changing permissions on special file /dev/tty10
Jun 26 22:46:59 suse100m ifup: No configuration found for sit0
Jun 26 22:47:00 suse100m kernel: ip6_tables: (C) 2000-2002 Netfilter core team
Jun 26 22:47:00 suse100m kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jun 26 22:47:00 suse100m kernel: ip_conntrack version 2.1 (8192 buckets, 65536 max) - 248 bytes per conntrack
Jun 26 22:47:00 suse100m kernel: shpchp: shpc_init : shpc_cap_offset == 0
Jun 26 22:47:00 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 22:47:00 suse100m kernel: ACPI: PCI Interrupt Link [ALKB] enabled at IRQ 21
Jun 26 22:47:00 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 22:47:00 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 22:47:00 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 22:47:00 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 26 22:47:00 suse100m kernel: cpu_init done, current fid 0xe, vid 0x8
Jun 26 22:47:01 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 26 22:47:01 suse100m SuSEfirewall2: Warning: no interface active
Jun 26 22:57:17 suse100m syslog-ng[4804]: Changing permissions on special file /dev/xconsole
Jun 26 22:57:17 suse100m syslog-ng[4804]: Changing permissions on special file /dev/tty10
Jun 26 22:57:17 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 22:57:18 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 23:01:11 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 23:01:12 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 26 23:06:26 suse100m syslog-ng[4804]: Changing permissions on special file /dev/xconsole
Jun 26 23:06:26 suse100m syslog-ng[4804]: Changing permissions on special file /dev/tty10
Jun 26 23:06:26 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 26 23:06:27 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 27 02:02:10 suse100m sshd[2977]: error: PAM: Authentication failure for root from xdsl-195-14-204-55.netcologne.de
Jun 27 02:07:51 suse100m checkproc: checkproc: Usage: checkproc [-v] [-k] [-p pid_file] /full/path/to/program
Jun 27 02:07:52 suse100m checkproc: checkproc: cannot stat /usr/X11R6/bin/xdm: No such file or directory
Jun 27 02:19:14 suse100m syslog-ng[4816]: Changing permissions on special file /dev/xconsole
Jun 27 02:19:14 suse100m syslog-ng[4816]: Changing permissions on special file /dev/tty10
Jun 27 02:19:14 suse100m ifup: No configuration found for sit0
Jun 27 02:19:15 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 02:19:15 suse100m SuSEfirewall2: Warning: no interface active
Jun 27 02:19:15 suse100m kernel: ip6_tables: (C) 2000-2002 Netfilter core team
Jun 27 02:19:15 suse100m kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jun 27 02:19:15 suse100m kernel: ip_conntrack version 2.1 (8192 buckets, 65536 max) - 248 bytes per conntrack
Jun 27 02:19:15 suse100m kernel: shpchp: shpc_init : shpc_cap_offset == 0
Jun 27 02:19:15 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 27 02:19:15 suse100m kernel: ACPI: PCI Interrupt Link [ALKB] enabled at IRQ 21
Jun 27 02:19:15 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 27 02:19:15 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 27 02:19:15 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 27 02:19:15 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 27 02:19:15 suse100m kernel: cpu_init done, current fid 0xe, vid 0x8
Jun 27 03:05:17 suse100m sshd[15843]: error: PAM: Authentication failure for root from xdsl-195-14-204-55.netcologne.de
Jun 27 03:11:31 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 03:11:31 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 03:11:31 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 03:11:31 suse100m SuSEfirewall2: Warning: no interface active
Jun 27 13:37:03 suse100m sshd[16258]: fatal: Read from socket failed: Connection timed out
Jun 27 16:17:25 suse100m sshd[17383]: error: PAM: Authentication failure for root from xdsl-213-168-110-102.netcologne.de
Jun 27 21:25:44 suse100m postfix/sendmail[19833]: fatal: No recipient addresses found in message header
Jun 27 21:26:36 suse100m postfix/sendmail[19843]: fatal: No recipient addresses found in message header
Jun 27 21:27:57 suse100m postfix/sendmail[19850]: fatal: No recipient addresses found in message header
Jun 27 22:23:49 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 22:23:49 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 22:23:49 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 27 22:23:49 suse100m SuSEfirewall2: Warning: no interface active
Jun 29 01:34:13 suse100m postfix/postfix-script: fatal: usage: postfix start (or stop, reload, abort, flush, check, set-permissions, upgrade-configuration)
Jun 29 02:02:57 suse100m syslog-ng[4816]: Changing permissions on special file /dev/xconsole
Jun 29 02:02:57 suse100m syslog-ng[4816]: Changing permissions on special file /dev/tty10
Jun 29 02:02:57 suse100m sshd[27065]: error: PAM: Authentication failure for root from xdsl-213-196-210-148.netcologne.de
Jun 29 02:35:43 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 29 02:35:43 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 29 02:35:43 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 29 02:35:43 suse100m SuSEfirewall2: Warning: no interface active
Jun 29 17:01:50 suse100m syslog-ng[4704]: Changing permissions on special file /dev/xconsole
Jun 29 17:01:50 suse100m syslog-ng[4704]: Changing permissions on special file /dev/tty10
Jun 29 17:01:50 suse100m ifup: No configuration found for sit0
Jun 29 17:01:50 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jun 29 17:01:50 suse100m SuSEfirewall2: Warning: no interface active
Jun 29 17:01:51 suse100m kernel: ip6_tables: (C) 2000-2002 Netfilter core team
Jun 29 17:01:51 suse100m kernel: ip_tables: (C) 2000-2002 Netfilter core team
Jun 29 17:01:51 suse100m kernel: ip_conntrack version 2.1 (8192 buckets, 65536 max) - 248 bytes per conntrack
Jun 29 17:01:51 suse100m kernel: shpchp: shpc_init : shpc_cap_offset == 0
Jun 29 17:01:51 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 29 17:01:51 suse100m kernel: ACPI: PCI Interrupt Link [ALKB] enabled at IRQ 21
Jun 29 17:01:51 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 29 17:01:51 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 29 17:01:51 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 29 17:01:51 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable
Jun 29 17:01:51 suse100m kernel: cpu_init done, current fid 0xe, vid 0x8
Jul 1 02:25:16 suse100m sshd[18214]: error: PAM: Authentication failure for root from xdsl-213-196-192-39.netcologne.de
Jul 1 02:25:23 suse100m sshd[18214]: error: PAM: Authentication failure for root from xdsl-213-196-192-39.netcologne.de
Jul 1 02:25:34 suse100m sshd[18214]: error: PAM: Authentication failure for root from xdsl-213-196-192-39.netcologne.de
Jul 1 02:25:45 suse100m sshd[18214]: error: PAM: Authentication failure for root from xdsl-213-196-192-39.netcologne.de
Jul 1 02:31:43 suse100m sshd[18285]: error: PAM: Authentication failure for root from xdsl-195-14-200-2.netcologne.de
Jul 1 02:37:50 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 02:37:51 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 02:37:51 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 02:37:51 suse100m SuSEfirewall2: Warning: no interface active
Jul 1 02:47:18 suse100m sshd[18813]: error: PAM: Authentication failure for root from xdsl-213-196-192-39.netcologne.de
Jul 1 05:31:25 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:31:25 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:31:25 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:31:25 suse100m SuSEfirewall2: Warning: no interface active
Jul 1 05:45:49 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:45:50 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:45:50 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:45:50 suse100m SuSEfirewall2: Warning: no interface active
Jul 1 05:55:49 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:55:50 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:55:50 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 1 05:55:50 suse100m SuSEfirewall2: Warning: no interface active
Jul 1 22:27:21 suse100m syslog-ng[4704]: Changing permissions on special file /dev/xconsole
Jul 1 22:27:21 suse100m syslog-ng[4704]: Changing permissions on special file /dev/tty10
Jul 1 22:27:21 suse100m sshd[27528]: error: PAM: Authentication failure for upload from xdsl-195-14-221-172.netcologne.de
Jul 2 04:47:42 suse100m sshd[28232]: error: PAM: Authentication failure for ts2 from xdsl-195-14-221-172.netcologne.de
Jul 3 13:51:40 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 3 13:51:40 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 3 13:51:40 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 3 13:51:40 suse100m SuSEfirewall2: Warning: no interface active
Jul 3 15:17:03 suse100m sshd[6505]: error: PAM: Authentication failure for upload from xdsl-195-14-223-229.netcologne.de
Jul 4 19:11:42 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 4 19:11:42 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 4 19:11:42 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 4 19:11:42 suse100m SuSEfirewall2: Warning: no interface active
Jul 7 01:27:14 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 7 01:27:14 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 7 01:27:14 suse100m SuSEfirewall2: Warning: ip6tables does not support state matching. Extended IPv6 support disabled.
Jul 7 01:27:14 suse100m SuSEfirewall2: Warning: no interface active
For example, this constant IPv6 support blah bothers me, since I did not have it on my test server. These PAM errors can be traced back to my IP. What also bothers me is "Jun 29 17:01:51 suse100m kernel: ACPI-0212: *** Warning: Device is not power manageable". What I also cannot place is "Jun 26 16:22:34 suse100m syslog-ng[4801]: Changing permissions on special file /dev/tty10", so in general the "Changing permission on special file xy". I know one should really know this sort of thing, but if someone can tell me something about it, then I will have understood it, since I learn such things immediately.

Kind regards
Soldier
codc
Posts: 97
Joined: 2004-01-08 02:55
Location: Tübingen
 

Re: Log files

Post by codc »

Let me guess - you trust the provider image, or rather you have something like that running on the root server.

All the ones I have come across so far are rubbish - set up a system yourself, starting with your own partitioning of the HDD optimized for the system, all the way to using only software that you know or need.

Then your server will look like your test system, the logs will look the same too, and you will understand what is happening on the box.
soldier601
Posts: 8
Joined: 2007-07-07 02:28
 

Re: Log files

Post by soldier601 »

Hello codc,
thank you very much for the late reply

Well, SuSE 10.0 is installed on the root server... from Hetzner... It would not be a problem for me to install my own Linux, but is that even possible? And to come back to the log files once more, are these very critical?

Kind regards
Soldier
codc
Posts: 97
Joined: 2004-01-08 02:55
Location: Tübingen
 

Re: Log files

Post by codc »

If the box is a root server, or better said a dedicated server, then you can/should be able to do anything with it that the provider's terms and conditions and the current legal situation allow. I do not know the former, and I do not want to say anything about the latter since I am not a lawyer and, thanks to an <freedom of expression>interior minister running/rolling amok</freedom of expression>, have no or only half-qualified knowledge of it.

But I think you can certainly install your own distro. The advantage is simply, among other things, that you know exactly which services are running on the box because you installed them yourself. The disadvantage is that it takes time before you can run the box in production, because a lot of manual work is needed, and if you only have time for it after work (like me, for example), that can easily cost a few weeks.
soldier601
Posts: 8
Joined: 2007-07-07 02:28
 

Re: Log files

Post by soldier601 »

Many thanks for the tips...

But can someone still tell me roughly what the logs mean? As I said, I only need to know it once; I will not come by every day and ask "here, are the logs OK"^^

Kind regards
Soldier
Roger Wilco
Posts: 5923
Joined: 2004-05-23 12:53
 

Re: Log files

Post by Roger Wilco »

There is nothing critical in there. You simply have no IPv6 support for netfilter, and some device eludes power management by ACPI. But ACPI support is rather unnecessary on a dedicated server that runs 24/7 anyway.
dtdesign
Posts: 391
Joined: 2006-09-05 21:12
Location: Berlin
 

Re: Log files

Post by dtdesign »

Apart from the fact that RW was faster once again, I would not necessarily recommend that you set up the whole system from scratch because of such harmless things. Sure, it has its advantages when you can set everything up the way you want, but a minimal image of a distribution does the job too. For example, Debian Sarge is often offered as a minimal image, even if the kernel is usually junk and does not even have netfilter...

But since the log messages are uninteresting anyway, follow the principle "Never change a running system."

Regards
dtdesign
soldier601
Posts: 8
Joined: 2007-07-07 02:28
 

Re: Log files

Post by soldier601 »

Many, many thanks to the two of you. I am using the SuSE 10.0 minimal image provided by Hetzner (you can tell from the hostname... suse100m). But you have taken a load off my mind for now, so I will not weigh these messages too heavily during my daily check.

Kind regards
Soldier
soldier601
Posts: 8
Joined: 2007-07-07 02:28
 

Re: Log files

Post by soldier601 »

Sorry to bother you again, but I ventured a look into the messages log file, and I did not like what I saw there at all; 90% of it is full of things like this:
Jun 28 23:11:41 suse100m sshd[23607]: Invalid user raimundo from 195.90.137.24
Jun 28 23:11:41 suse100m sshd[23609]: Invalid user joan from 195.90.137.24
Jun 28 23:11:42 suse100m sshd[23611]: Invalid user johan from 195.90.137.24
Jun 28 23:11:43 suse100m sshd[23613]: Invalid user sebastian from 195.90.137.24
Jun 28 23:11:43 suse100m sshd[23615]: Invalid user agata from 195.90.137.24
Jun 28 23:11:44 suse100m sshd[23617]: Invalid user administrator from 195.90.137.24
Jun 28 23:11:45 suse100m sshd[23621]: Invalid user alexandre from 195.90.137.24
Jun 28 23:11:45 suse100m sshd[23623]: Invalid user joseluis from 195.90.137.24
Jun 28 23:11:46 suse100m sshd[23625]: Invalid user ppazmino from 195.90.137.24
Jun 28 23:11:46 suse100m sshd[23627]: Invalid user utilidades from 195.90.137.24
Jun 28 23:11:47 suse100m sshd[23629]: Invalid user utilidad from 195.90.137.24
Jun 28 23:11:48 suse100m sshd[23631]: Invalid user amstelecom from 195.90.137.24
Jun 28 23:11:48 suse100m sshd[23633]: Invalid user dedlogistica from 195.90.137.24
Jun 28 23:11:49 suse100m sshd[23635]: Invalid user dsantiago from 195.90.137.24
Jun 28 23:11:49 suse100m sshd[23637]: Invalid user marcia from 195.90.137.24
Jun 28 23:11:50 suse100m sshd[23639]: Invalid user consultoria from 195.90.137.24
Jun 28 23:11:50 suse100m sshd[23641]: Invalid user primaveras from 195.90.137.24
Jun 28 23:11:51 suse100m sshd[23643]: Invalid user salvatore from 195.90.137.24
Jun 28 23:11:52 suse100m sshd[23645]: Invalid user comerciais from 195.90.137.24
Jun 28 23:11:52 suse100m sshd[23647]: Invalid user cartas from 195.90.137.24
Jun 28 23:11:53 suse100m sshd[23649]: Invalid user carta from 195.90.137.24
Jun 28 23:11:54 suse100m sshd[23651]: Invalid user moralez from 195.90.137.24
Jun 28 23:11:54 suse100m sshd[23653]: Invalid user nieves from 195.90.137.24
Jun 28 23:11:55 suse100m sshd[23655]: Invalid user sol from 195.90.137.24
Jun 28 23:11:56 suse100m sshd[23657]: Invalid user perla from 195.90.137.24
Jun 28 23:11:56 suse100m sshd[23659]: Invalid user rocio from 195.90.137.24
Jun 28 23:11:57 suse100m sshd[23661]: Invalid user simon from 195.90.137.24
Jun 28 23:11:57 suse100m sshd[23663]: Invalid user sergio from 195.90.137.24
Jun 28 23:11:58 suse100m sshd[23665]: Invalid user altagracia from 195.90.137.24
Jun 28 23:11:58 suse100m sshd[23667]: Invalid user piedad from 195.90.137.24
Jun 28 23:11:59 suse100m sshd[23669]: Invalid user paz from 195.90.137.24
Jun 28 23:11:59 suse100m sshd[23671]: Invalid user rosario from 195.90.137.24
Jun 28 23:12:00 suse100m sshd[23673]: Invalid user bautista from 195.90.137.24
Jun 28 23:12:01 suse100m sshd[23675]: Invalid user brigida from 195.90.137.24
Jun 28 23:12:01 suse100m sshd[23677]: Invalid user baltasar from 195.90.137.24
Jun 28 23:12:02 suse100m sshd[23679]: Invalid user efrain from 195.90.137.24
Jun 28 23:12:02 suse100m sshd[23681]: Invalid user joaquin from 195.90.137.24
Jun 28 23:12:03 suse100m sshd[23683]: Invalid user ismael from 195.90.137.24
Jun 28 23:12:03 suse100m sshd[23685]: Invalid user mateo from 195.90.137.24
Jun 28 23:12:04 suse100m sshd[23687]: Invalid user eva from 195.90.137.24
Jun 28 23:12:04 suse100m sshd[23689]: Invalid user tomas from 195.90.137.24
Jun 28 23:12:05 suse100m sshd[23691]: Invalid user teofilo from 195.90.137.24
Jun 28 23:12:06 suse100m sshd[23693]: Invalid user tadeo from 195.90.137.24
Jun 28 23:12:06 suse100m sshd[23695]: Invalid user pelayo from 195.90.137.24
Jun 28 23:12:07 suse100m sshd[23697]: Invalid user narciso from 195.90.137.24
Jun 28 23:12:07 suse100m sshd[23699]: Invalid user porfirio from 195.90.137.24
Jun 28 23:12:08 suse100m sshd[23701]: Invalid user hipolito from 195.90.137.24
Jun 28 23:12:08 suse100m sshd[23703]: Invalid user isidro from 195.90.137.24
Jun 28 23:12:09 suse100m sshd[23705]: Invalid user gregorio from 195.90.137.24
Jun 28 23:12:10 suse100m sshd[23707]: Invalid user engracia from 195.90.137.24
Jun 28 23:12:10 suse100m sshd[23709]: Invalid user berta from 195.90.137.24
Jun 28 23:12:11 suse100m sshd[23711]: Invalid user cirilo from 195.90.137.24
Jun 28 23:12:11 suse100m sshd[23713]: Invalid user demetrio from 195.90.137.24
Jun 28 23:12:12 suse100m sshd[23715]: Invalid user angelica from 195.90.137.24
Jun 28 23:12:12 suse100m sshd[23717]: Invalid user basilio from 195.90.137.24
Jun 28 23:12:13 suse100m sshd[23719]: Invalid user casandra from 195.90.137.24
Jun 28 23:12:13 suse100m sshd[23721]: Invalid user alondra from 195.90.137.24
Jun 28 23:12:14 suse100m sshd[23723]: Invalid user agueda from 195.90.137.24
Jun 28 23:12:15 suse100m sshd[23725]: Invalid user severino from 195.90.137.24
Jun 28 23:12:16 suse100m sshd[23727]: Invalid user antonia from 195.90.137.24
Jun 28 23:12:16 suse100m sshd[23729]: Invalid user vicente from 195.90.137.24
Jun 28 23:12:17 suse100m sshd[23731]: Invalid user valentin from 195.90.137.24
Jun 28 23:12:17 suse100m sshd[23733]: Invalid user rogelio from 195.90.137.24
Jun 28 23:12:18 suse100m sshd[23735]: Invalid user sancho from 195.90.137.24
Jun 28 23:12:18 suse100m sshd[23737]: Invalid user saturnino from 195.90.137.24
Jun 28 23:12:19 suse100m sshd[23739]: Invalid user domingo from 195.90.137.24
Jun 28 23:12:19 suse100m sshd[23741]: Invalid user placido from 195.90.137.24
Jun 28 23:12:20 suse100m sshd[23743]: Invalid user pia from 195.90.137.24
Jun 28 23:12:21 suse100m sshd[23745]: Invalid user pio from 195.90.137.24
Jun 28 23:12:21 suse100m sshd[23747]: Invalid user pabla from 195.90.137.24
Jun 28 23:12:25 suse100m sshd[23749]: Invalid user patricio from 195.90.137.24
Jun 28 23:12:25 suse100m sshd[23751]: Invalid user mario from 195.90.137.24
Jun 28 23:12:26 suse100m sshd[23753]: Invalid user lorenzo from 195.90.137.24
Jun 28 23:12:26 suse100m sshd[23755]: Invalid user hilario from 195.90.137.24
Jun 28 23:12:27 suse100m sshd[23757]: Invalid user hilaria from 195.90.137.24
Jun 28 23:12:27 suse100m sshd[23759]: Invalid user juliano from 195.90.137.24
Jun 28 23:12:28 suse100m sshd[23761]: Invalid user fabio from 195.90.137.24
Jun 28 23:12:29 suse100m sshd[23763]: Invalid user fermin from 195.90.137.24
Jun 28 23:12:29 suse100m sshd[23765]: Invalid user cayo from 195.90.137.24
Jun 28 23:12:30 suse100m sshd[23767]: Invalid user cayetano from 195.90.137.24
Jun 28 23:12:30 suse100m sshd[23769]: Invalid user calista from 195.90.137.24
Jun 28 23:12:31 suse100m sshd[23771]: Invalid user curcio from 195.90.137.24
Jun 28 23:12:31 suse100m sshd[23773]: Invalid user eloy from 195.90.137.24
Jun 28 23:12:32 suse100m sshd[23775]: Invalid user augusto from 195.90.137.24
Jun 28 23:12:32 suse100m sshd[23777]: Invalid user blas from 195.90.137.24
Jun 28 23:12:33 suse100m sshd[23779]: Invalid user colon from 195.90.137.24
Jun 28 23:12:34 suse100m sshd[23781]: Invalid user ciceron from 195.90.137.24
Jun 28 23:12:34 suse100m sshd[23783]: Invalid user benedicto from 195.90.137.24
Jun 28 23:12:35 suse100m sshd[23785]: Invalid user benedicta from 195.90.137.24
Jun 28 23:12:36 suse100m sshd[23787]: Invalid user benita from 195.90.137.24
And also a whole lot of this kind:
Jul 10 16:36:50 suse100m sshd[18652]: Invalid user admin from 66.235.201.119
Jul 10 16:36:50 suse100m sshd[18652]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:51 suse100m sshd[18654]: Invalid user admin from 66.235.201.119
Jul 10 16:36:51 suse100m sshd[18654]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:53 suse100m sshd[18656]: Invalid user admin from 66.235.201.119
Jul 10 16:36:53 suse100m sshd[18656]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:54 suse100m sshd[18658]: Invalid user marylee from 66.235.201.119
Jul 10 16:36:54 suse100m sshd[18658]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:56 suse100m sshd[18660]: Invalid user matt from 66.235.201.119
Jul 10 16:36:56 suse100m sshd[18660]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:57 suse100m sshd[18662]: Invalid user kenmorgan from 66.235.201.119
Jul 10 16:36:57 suse100m sshd[18662]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:59 suse100m sshd[18664]: Invalid user maryleejarnot from 66.235.201.119
Jul 10 16:36:59 suse100m sshd[18664]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:00 suse100m sshd[18666]: Invalid user toddklocke from 66.235.201.119
Jul 10 16:37:00 suse100m sshd[18666]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:02 suse100m sshd[18668]: Invalid user Matt from 66.235.201.119
Jul 10 16:37:02 suse100m sshd[18668]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:03 suse100m sshd[18670]: Invalid user samanderson from 66.235.201.119
Jul 10 16:37:03 suse100m sshd[18670]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:05 suse100m sshd[18672]: Invalid user gregarmstrong from 66.235.201.119
Jul 10 16:37:05 suse100m sshd[18672]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:06 suse100m sshd[18674]: Invalid user gregarmstrong from 66.235.201.119
Jul 10 16:37:06 suse100m sshd[18674]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:08 suse100m sshd[18676]: Invalid user johnnordstrom from 66.235.201.119
Jul 10 16:37:08 suse100m sshd[18676]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:09 suse100m sshd[18678]: Invalid user jimstock from 66.235.201.119
Jul 10 16:37:09 suse100m sshd[18678]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:37:11 suse100m sshd[18680]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
The file is now 2.3 MB in size and, as I said, 90% of it consists of these messages. That can't be normal, can it? Should I take any measures, or is this not so serious?

Please help me

Regards
Soldier
Joe User
Project Manager
Posts: 11191
Joined: 2003-02-27 01:00
Location: Hamburg

Re: Log files

Post by Joe User »

That is completely normal.
Roger Wilco
Posts: 5923
Joined: 2004-05-23 12:53
 

Re: Log files

Post by Roger Wilco »

Soldier601 wrote:The file is now 2.3 MB in size and, as I said, 90% of it consists of these messages. That can't be normal, can it?
Yes, it can. Welcome to the interwebs.
Soldier601 wrote:Should I take any measures, or is this not so serious?
Secure passwords for your user accounts, or generally allow only key-based login. The search function helps.
dtdesign
Posts: 391
Joined: 2006-09-05 21:12
Location: Berlin

Re: Log files

Post by dtdesign »

Ah, these messages are always so funny.

To put your mind at ease:

1) The usernames are first names from (I'm guessing) the Spanish/Portuguese-speaking world
2) The users are tried, but only with a very small number of passwords

Re 1) The probability that your username is in there is vanishingly small
Re 2) Since these are bots that scan thousands of servers with this kind of thing, it makes no sense for them to try 1 million passwords for each user. Basically ridiculous, since they will probably never succeed with this method, but fun to watch :)

Regards
dtdesign
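
The pattern described in the post above (many usernames, very few tries each) can be read straight off the log. The following is an added example, not part of the original post: it summarises `Invalid user` lines per source address, using lines copied from the log excerpt in this thread. The year 2007 is an assumption, because syslog timestamps carry none.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Sample lines copied from the log excerpt posted in the thread.
SAMPLE_LOG = """\
Jun 28 23:12:32 suse100m sshd[23777]: Invalid user blas from 195.90.137.24
Jun 28 23:12:33 suse100m sshd[23779]: Invalid user colon from 195.90.137.24
Jun 28 23:12:34 suse100m sshd[23781]: Invalid user ciceron from 195.90.137.24
Jul 10 16:36:50 suse100m sshd[18652]: Invalid user admin from 66.235.201.119
Jul 10 16:36:50 suse100m sshd[18652]: reverse mapping checking getaddrinfo for ds201-119.ipowerweb.com failed - POSSIBLE BREAKIN ATTEMPT!
Jul 10 16:36:51 suse100m sshd[18654]: Invalid user admin from 66.235.201.119
Jul 10 16:36:53 suse100m sshd[18656]: Invalid user admin from 66.235.201.119
Jul 10 16:36:54 suse100m sshd[18658]: Invalid user marylee from 66.235.201.119
Jul 10 16:36:56 suse100m sshd[18660]: Invalid user matt from 66.235.201.119
"""

# The username is chosen by the remote side (it may be empty or contain spaces).
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user (?P<user>.*) from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)
ASSUMED_YEAR = 2007  # assumption: syslog timestamps do not include the year

def summarize(log_text):
    """Return {ip: stats} for 'Invalid user' lines; all other lines are skipped."""
    per_ip = defaultdict(lambda: {"users": Counter(), "times": []})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        per_ip[m["ip"]]["users"][m["user"]] += 1
        per_ip[m["ip"]]["times"].append(when)
    report = {}
    for ip, d in per_ip.items():
        span = (max(d["times"]) - min(d["times"])).total_seconds()
        report[ip] = {
            "attempts": sum(d["users"].values()),
            "distinct_users": len(d["users"]),
            "max_tries_per_user": max(d["users"].values()),
            "span_seconds": span,
        }
    return report

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats)
```

A high `distinct_users` count together with a low `max_tries_per_user` is the signature of a username sweep rather than a targeted guess against one account.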
soldier601
Posts: 8
Joined: 2007-07-07 02:28
 

Re: Log files

Post by soldier601 »

Okay, I had somehow thought as much. I chose fairly secure passwords for my users. Well, one thing I was also wondering: would it help if I set the SSH port not to 22 but to a port like 49356 (as an example)? But it's probably best if I just leave it as it is. Thanks again.

Kind regards
Soldier
daemotron
Administrator
Posts: 2641
Joined: 2004-01-21 17:44

Re: Log files

Post by daemotron »

Moving to an odd port helps a bit as far as the junk in the log files is concerned. It doesn't bring real security, though; that is what passwords, or better yet keys, are for. But the search function will turn something up on this too... moooost certainly :D
dtdesign
Posts: 391
Joined: 2006-09-05 21:12
Location: Berlin

Re: Log files

Post by dtdesign »

jfreund wrote:But the search function will turn something up on this too... moooost certainly :D
:arrow: Popular misconceptions: security by obscurity

SCNR