From 9ff928d1d59d492a621a1afbdb774ae3b709344b Mon Sep 17 00:00:00 2001 From: Fredrik Wahlberg Date: Sun, 26 Mar 2017 21:22:25 +0200 Subject: [PATCH] Diverse uppdaterade regler --- logcheck_debian | 42 +++++++++++++++++++++++++++++++++--------- logcheck_ubuntu | 16 +++++++++++++--- testlog | 37 +++++++++++++++++++++++++++++++++++++ 3 files changed, 83 insertions(+), 12 deletions(-) diff --git a/logcheck_debian b/logcheck_debian index 151da56..dd9a0a1 100644 --- a/logcheck_debian +++ b/logcheck_debian @@ -90,8 +90,8 @@ #Mar 17 06:30:26 kvarnen freshclam[485]: Update failed. Your network may be down or none of the mirrors listed in /etc/clamav/freshclam.conf is working. Check http://www.clamav.net/doc/mirrors-faq.html for possible reasons. \w{3} [ :0-9]{11} [._[:alnum:]-]+ freshclam\[[0-9]+\]: Update failed. Your network may be down or none of the mirrors listed in \/etc\/clamav\/freshclam.conf is working. Check http:\/\/www.clamav.net\/doc\/mirrors-faq.html for possible reasons. - - +#Mar 19 06:47:45 nada clamav-milter: ClamAV: mi_stop=1 +\w{3} [ :0-9]{11} [._[:alnum:]-]+ clamav-milter: ClamAV: mi_stop=1 # @@ -183,7 +183,7 @@ #Mar 11 06:34:44 nada named[1771]: reading built-in trusted keys from file '/etc/bind/bind.keys' #Mar 11 06:34:44 nada named[1771]: sizing zone task pool based on 21 zones #Mar 11 06:34:44 nada named[1771]: Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload'|reading built-in trusted keys from file '/etc/bind/bind.keys') +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: (Warning: 'empty-zones-enable/disable-empty-zone' not set: disabling RFC 1918 empty zones|sizing zone task pool based on [[:digit:]]+ zones|received control channel command 'reload( [.[:alnum:]]+)?'|reading built-in trusted keys from file '/etc/bind/bind.keys') #Mar 10 06:43:39 nada named[1771]: client 95.170.86.14#50337: received notify for zone 'happysthlm.com' ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: received notify for zone '[-.[:alnum:]]+' @@ -191,7 +191,7 @@ #Mar 13 19:06:05 nada named[1771]: client 95.170.86.14#54781: transfer of 'stiy.com/IN': IXFR ended #Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR started #Mar 3 18:45:43 nada named[31321]: client 46.21.104.9#48923: transfer of 'wahlberg.se/IN': AXFR-style IXFR ended -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN': (IXFR|AXFR-style) (started|ended) +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [.:[:xdigit:]]+\#[[:digit:]]+: transfer of '[-.[:alnum:]]+/IN':( AXFR-style) IXFR (started|ended) #Mar 11 06:34:44 nada named[1771]: reloading configuration succeeded #Mar 11 06:34:44 nada named[1771]: reloading zones succeeded @@ -230,6 +230,10 @@ #Mar 4 15:06:28 marconi named[27570]: client 113.240.250.154#43169: message parsing failed: bad compression pointer ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: client [#.[:digit:]]+: message parsing failed: bad compression pointer +#Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600 +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ named\[[[:digit:]]+\]: zone [-.[:alnum:]]+/IN: loaded serial [[:digit:]]+ + + # # SASLAUTHD @@ -304,14 +308,22 @@ ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: Milter: to=[.@%[:alnum:]]+, reject=451 4.7.1 Greylisting in action, please come back later #Apr 9 09:51:26 nada sm-mta[6169]: u397pP13006169: rejecting commands from [113.240.250.156] [113.240.250.156] due to pre-greeting traffic after 1 seconds -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from \[[.[:digit:]]+\] \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds +#Mar 23 19:07:02 nada sm-mta[20228]: v2NI71CW020228: rejecting commands from ec2-35-165-194-208.us-west-2.compute.amazonaws.com [35.165.194.208] due to pre-greeting traffic after 1 seconds +#Mar 23 23:44:38 nada sm-mta[17761]: v2NMibVZ017761: rejecting commands from ecs-160-44-202-130.reverse.open-telekom-cloud.com [160.44.202.130] due to pre-greeting traffic after 1 seconds +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: rejecting commands from (\[[.[:digit:]]+\]|[-.[:alnum:]]+) \[[.[:digit:]]+\] due to pre-greeting traffic after [[:digit:]]+ seconds #Apr 15 10:25:06 nada sm-mta[23906]: u3F8P26J023665: u3F8P66I023906: DSN: Service unavailable ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Service unavailable +#Mar 17 11:32:29 nada sm-mta[775]: v2HAWQ2g000768: v2HAWT2f000775: DSN: Host unknown (Name server: hgadvokat.se: host not found) +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [[:alnum:]]+: DSN: Host unknown \(Name server: +#[-.[:alnum:]]+: host not found\) + + #Apr 14 11:05:05 nada sm-mta[15662]: u3E955KV015662: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET http://www.ipip.net/ HTTP/1.1\r\n #Apr 20 15:10:44 nada sm-mta[5182]: u3KDAiZT005182: li1068-122.members.linode.com [106.184.3.122]: probable open proxy: command=GET / HTTP/1.1\r\n -^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: [-.[:alnum:]]+ \[[.[:digit:]]+\]: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.1\\r\\n +#Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ sm-mta\[[0-9]+\]: [[:alnum:]]+: ([-.[:alnum:]]+ )?\[[.[:digit:]]+\]: probable open proxy: command=GET (http://www.ipip.net)?/ HTTP/1.1\\r\\n #Oct 24 06:04:11 nada sm-mta[7813]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1 ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS=client, error: connect failed=-1, SSL_error=1, errno=0, retry=-1 @@ -329,7 +341,11 @@ #Mar 6 23:47:37 nada sm-mta[11119]: v26MlObG011113: Fixed MIME Content-Type header field (possible attack) ^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: Fixed MIME Content-Type header field \(possible attack\) +#Mar 8 07:31:45 nada sm-mta[16598]: v286VitB016598: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: [[:alnum:]]+: AUTH decode64 error \[-5 for "[=\\[:alnum:]]+"\], relay=\[[.:[:digit:]]+\] +#Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5 +^\w{3} [ :0-9]{11} [._[:alnum:]-]+ (sendmail|sm-(mta|msp|que))\[[0-9]+\]: STARTTLS: write error=syscall error \(-1\), errno=32, get_error=error:00000000:lib\(0\):func\(0\):reason\(0\), retry=99, ssl_err=5 @@ -389,14 +405,16 @@ # Mar 8 12:09:30 nada sshd[26267]: Received disconnect from 199.91.135.158: 3: com.jcraft.jsch.JSchException: reject HostKey: 66.23.226.92 [preauth] # Feb 28 03:09:57 nada sshd[30462]: Received disconnect from 47.89.188.218: 3: com.jcraft.jsch.JSchException: Auth cancel [preauth] #Mar 3 21:19:31 marconi sshd[17576]: error: Received disconnect from 212.83.160.203 port 57458:3: com.jcraft.jsch.JSchException: Auth cancel [preauth] -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )3: (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException): (reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel) \[preauth\] +#Mar 19 04:36:45 marconi sshd[26598]: error: Received disconnect from 46.165.220.212 port 52999:13: User request [preauth] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]:( error:)? Received disconnect from [.:[:digit:]]+( port [[:digit:]]+:|: )(3|13): (java.net.SocketTimeoutException|com.jcraft.jsch.JSchException|User request)(: )?(reject HostKey: [.:[:digit:]]+|Auth fail|Read timed out|Auth cancel)? \[preauth\] #Mar 26 16:18:46 nada sshd[3298]: Received disconnect from 91.193.74.33: 11: Bye [preauth] #Apr 7 13:59:42 nada sshd[19013]: Received disconnect from 2.234.148.20: 11: ok [preauth] #Apr 3 12:26:03 nada sshd[15236]: Received disconnect from 125.212.232.83: 11: Closed due to user request. [preauth] #May 14 10:15:47 nada sshd[26005]: Received disconnect from 115.239.230.223: 11: disconnect [preauth] #Aug 17 10:52:11 nada sshd[24804]: Received disconnect from 89.97.55.33: 11: disconnected by user [preauth] -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: (disconnect(ed by user)?|ok|Bye|Closed due to user request.) \[preauth\] +#Mar 17 07:29:31 nada sshd[7692]: Received disconnect from 178.162.211.197: 13: User request [preauth] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: (11|13): (User request|disconnect(ed by user)?|ok|Bye|Closed due to user request.) \[preauth\] #Mar 24 11:06:21 kvarnen sshd[5495]: channel 4: open failed: administratively prohibited: open failed ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: channel [[:digit:]]: open failed: administratively prohibited: open failed @@ -435,6 +453,9 @@ #May 11 01:17:42 kvarnen sshd[14739]: fatal: Unable to negotiate a key exchange method [preauth] ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate a key exchange method \[preauth\] +#Mar 17 09:44:38 marconi sshd[27920]: fatal: Unable to negotiate with 212.129.20.230 port 51562: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.[:digit:]]+ port [[:alnum:]]+: no matching cipher found. Their offer: .* \[preauth\] + #Apr 27 12:36:56 kvarnen sshd[26293]: Bad protocol version identification 'GET http://clientapi.ipip.net/echo.php?info=20160427185402 HTTP/1.1' from 106.184.2.29 port 7680 #May 13 16:59:50 kvarnen sshd[21380]: Bad protocol version identification '' from 171.13.14.52 port 59637 ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Bad protocol version identification '.*' from [.:[:digit:]]+ port [[:digit:]]+ @@ -472,7 +493,10 @@ Mar 4 07:38:01 nada sshd[15794]: input_userauth_request: invalid user [preauth #Mar 8 03:17:11 nada sshd[23415]: Received disconnect from 91.195.103.166: 11: Client disconnecting normally [preauth] #Mar 7 19:37:07 nada sshd[9647]: Received disconnect from 91.195.103.173: 11: Client disconnecting normally [preauth] -\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+: 11: Client disconnecting normally \[preauth\] +#Mar 9 15:08:55 marconi sshd[25800]: Received disconnect from 61.158.188.21 port 59944:11: ok [preauth] +#Mar 9 15:22:40 marconi sshd[29305]: Received disconnect from 202.163.123.135 port 59164:11: ok [preauth] + +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+(:)? (port [[:digit:]]+:)?11: (Client disconnecting normally|ok) \[preauth\] diff --git a/logcheck_ubuntu b/logcheck_ubuntu index 6c0bb94..fe61b8a 100644 --- a/logcheck_ubuntu +++ b/logcheck_ubuntu @@ -2,7 +2,7 @@ # BACKUP # \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ BACKUP: - +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ backup\[[[:digit:]]+\] # # DBUS @@ -24,7 +24,8 @@ \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPACK of [.:[:digit:]]+ from [.:[:digit:]]+ #Mar 2 16:25:24 marconi dhclient[22777]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x74f7120) -\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPREQUEST of [.:[:digit:]]+ on enp4s0 to [.:[:digit:]]+ port 67 \(xid\=0x74f7120\) +#Mar 25 02:59:08 marconi dhclient[31370]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x3d70f3bb) +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhclient\[[[:digit:]]+\]: DHCPREQUEST of [.:[:digit:]]+ on enp4s0 to [.:[:digit:]]+ port 67 \(xid\=[[:alnum:]]+\) #Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: new request (1 scripts) \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nm-dispatcher: req:1 'dhcp4-change' \[enp4s0\]: new request \(1 scripts\) @@ -32,6 +33,14 @@ #Mar 2 16:25:24 marconi nm-dispatcher: req:1 'dhcp4-change' [enp4s0]: start running ordered scripts... \w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ nm-dispatcher: req:1 'dhcp4-change' \[enp4s0\]: start running ordered scripts... +#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding route to 192.168.1.0/24 +#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding default route via 192.168.1.1 +#Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: removing default route via 192.168.1.1 +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpcd\[[[:digit:]]+\]: enp4s0: (adding|removing)( default)? route (via|to) 192.168.?.?(\/24)? + +#Mar 25 05:53:41 marconi dhcpcd[2859]: if_route (ADD): File exists +\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ dhcpcd\[[[:digit:]]+\]: if_route \(ADD\): File exists + @@ -78,7 +87,8 @@ ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: Received disconnect from [.:[:digit:]]+ port [.:[:digit:]]+:11: Bye Bye \[preauth\] #Mar 2 20:33:25 marconi sshd[3723]: fatal: Unable to negotiate with 103.207.39.105 port 59502: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 [preauth] -^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1 \[preauth\] +#Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth] +^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: fatal: Unable to negotiate with [.:[:digit:]]+ port [.:[:digit:]]+: no matching key exchange method found. Their offer: [-,[:alnum:]]+ \[preauth\] #Mar 2 20:51:23 marconi sshd[8330]: error: maximum authentication attempts exceeded for invalid user admin from 182.45.153.221 port 54407 ssh2 [preauth] ^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ sshd\[[[:digit:]]+\]: error: maximum authentication attempts exceeded for invalid user [[:alnum:]]+ from [.:[:digit:]]+ port [.:[:digit:]]+ ssh2 \[preauth\] diff --git a/testlog b/testlog index 558100b..29043a4 100644 --- a/testlog +++ b/testlog @@ -426,6 +426,43 @@ Mar 6 22:43:34 nada sshd[4306]: Disconnecting: Packet corrupt [preauth] Mar 6 23:47:37 nada sm-mta[11119]: v26MlObG011113: Fixed MIME Content-Type header field (possible attack) Mar 8 03:17:11 nada sshd[23415]: Received disconnect from 91.195.103.166: 11: Client disconnecting normally [preauth] Mar 7 19:37:07 nada sshd[9647]: Received disconnect from 91.195.103.173: 11: Client disconnecting normally [preauth] +Mar 8 07:31:45 nada sm-mta[16598]: v286VitB016598: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +Mar 9 05:30:02 marconi backup[1895]: Startar backup av marconi +Mar 9 05:42:53 marconi sshd[6125]: fatal: Unable to negotiate with 84.241.42.101 port 61319: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth] +Mar 9 09:18:45 marconi backup[12320]: Jobbet avslutat och alla filer flyttade +Mar 9 15:08:55 marconi sshd[25800]: Received disconnect from 61.158.188.21 port 59944:11: ok [preauth] +Mar 9 15:22:40 marconi sshd[29305]: Received disconnect from 202.163.123.135 port 59164:11: ok [preauth] +OA +Mar 17 07:29:31 nada sshd[7692]: Received disconnect from 178.162.211.197: 13: User request [preauth] +Mar 17 11:32:29 nada sm-mta[775]: v2HAWQ2g000768: v2HAWT2f000775: DSN: Host unknown (Name server: hgadvokat.se: host not found) +Mar 17 09:44:38 marconi sshd[27920]: fatal: Unable to negotiate with 212.129.20.230 port 51562: no matching cipher found. Their offer: aes256-cbc,rijndael-cbc@lysator.liu.se,aes192-cbc,aes128-cbc,arcfour128,arcfour,3des-cbc,none [preauth] +Mar 16 16:34:12 nada sshd[11591]: input_userauth_request: invalid user [preauth] +Mar 16 10:33:41 nada named[31321]: received control channel command 'reload happysthlm.se' +Mar 16 10:33:41 nada named[31321]: zone happysthlm.se/IN: loaded serial 2017031600 +Mar 16 10:33:42 nada named[31321]: client 192.3.61.229#33639: transfer of 'happysthlm.se/IN': AXFR-style IXFR started +Mar 16 10:33:42 nada named[31321]: client 192.3.61.229#33639: transfer of 'happysthlm.se/IN': AXFR-style IXFR ended +Mar 16 11:47:51 nada named[31321]: client 46.162.117.83#39505: transfer of 'happysthlm.se/IN': AXFR-style IXFR started +Mar 16 11:47:51 nada named[31321]: client 46.162.117.83#39505: transfer of 'happysthlm.se/IN': AXFR-style IXFR ended +Mar 16 03:41:06 nada sm-mta[28708]: STARTTLS: write error=syscall error (-1), errno=32, get_error=error:00000000:lib(0):func(0):reason(0), retry=99, ssl_err=5 +Mar 15 06:24:30 nada sm-mta[29141]: v2F5OSbF029141: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +Mar 15 06:24:51 nada sm-mta[29155]: v2F5OoMX029155: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +Mar 15 06:25:13 nada sm-mta[29160]: v2F5PClb029160: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +Mar 15 06:25:35 nada sm-mta[29590]: v2F5PYa1029590: AUTH decode64 error [-5 for "Y2FzdG9yAGNhc3RvcgBwb2tlbW9uDQ==\r"], relay=[156.67.106.207] +Mar 20 06:54:52 nada sshd[7359]: input_userauth_request: invalid user [preauth] +Mar 20 04:00:44 nada sm-mta[21983]: v2K30iPx021983: [180.163.2.117]: probable open proxy: command=GET / HTTP/1.1\r\n +Mar 19 06:47:45 nada clamav-milter: ClamAV: mi_stop=1 +Mar 19 04:36:45 marconi sshd[26598]: error: Received disconnect from 46.165.220.212 port 52999:13: User request [preauth] +Mar 19 00:00:01 marconi sudo: fredrik : TTY=unknown ; PWD=/home/fredrik ; USER=root ; COMMAND=/home/fredrik/bin/kdbx_backup.sh +Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding route to 192.168.1.0/24 +Mar 25 05:53:41 marconi dhcpcd[2859]: if_route (ADD): File exists +Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: adding default route via 192.168.1.1 +Mar 25 05:53:41 marconi dhcpcd[2859]: enp4s0: removing default route via 192.168.1.1 +Mar 25 02:59:08 marconi dhclient[31370]: DHCPREQUEST of 192.168.1.118 on enp4s0 to 192.168.1.1 port 67 (xid=0x3d70f3bb) +Mar 24 13:00:11 marconi kernel: [181133.572625] r8169 0000:04:00.0 enp4s0: link up +Mar 24 01:42:10 nada sshd[31304]: input_userauth_request: invalid user [preauth] +Mar 23 19:07:02 nada sm-mta[20228]: v2NI71CW020228: rejecting commands from ec2-35-165-194-208.us-west-2.compute.amazonaws.com [35.165.194.208] due to pre-greeting traffic after 1 seconds +Mar 23 23:44:38 nada sm-mta[17761]: v2NMibVZ017761: rejecting commands from ecs-160-44-202-130.reverse.open-telekom-cloud.com [160.44.202.130] due to pre-greeting traffic after 1 seconds + Aug 23 18:39:24 nada fredrik[1713]: Kontrollrad. Syns detta har vi problem... Aug 23 18:39:24 nada fredrik[1713]: Sista raden