Журнал
Пятница (03/31/17)
10:56:18
#apt-get install snooptab
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
E: Не удалось найти пакет snooptab
|
10:56:26
#apt-get install ttysnoops
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
E: Не удалось найти пакет ttysnoops
|
10:56:36
#apt-get install snooptab
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
E: Не удалось найти пакет snooptab
|
10:56:44
#rehash
l3script: rehash: команда не найдена
|
10:56:57
debian3 имя пользователя: ivan
Пароль:
Неверное имя пользователя
debian3 имя пользователя: ivan
Пароль:
|
10:57:31
Пароль:
Неверное имя пользователя
debian3 имя пользователя: 123
Пароль:
Неверное имя пользователя
debian3 имя пользователя:
Время выполнения входа в систему истекло (60 секунд).
|
10:58:34
#apt-get install snooptab
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
E: Не удалось найти пакет snooptab
|
10:58:54
#apt-get install ttysnoop
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Уже установлена самая новая версия ttysnoop.
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
|
10:59:18
#apt-get install ttysnoop
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Уже установлена самая новая версия ttysnoop.
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
|
10:59:24
#apt-get install ttysnoop
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Уже установлена самая новая версия ttysnoop.
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
|
10:59:28
#apt-get install ttysnoop
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Уже установлена самая новая версия ttysnoop.
обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
|
10:59:30
#apt-get install ttysnoop
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Уже установлена самая новая версия ttysnoop.
^[OAобновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
|
10:59:31
#apt-get search snap
E: Неверная операция search
|
11:00:14
#apt-get search sundi
E: Неверная операция search
|
11:00:20
#apt-get list sundi
E: Неверная операция list
|
11:00:26
l3script: apt: команда не найдена
|
прошло 10 минут
11:10:33
networking.conf startpar-bridge.conf udevmonitor.conf
network-interface.conf udev.conf udevtrigger.conf
network-interface-container.conf udev-fallback-graphics.conf
network-interface-security.conf udev-finish.conf
|
11:13:18
acpi initramfs-tools python
adduser.conf inittab python2.7
adjtime inputrc rc0.d
aliases insserv rc1.d
alternatives insserv.conf rc2.d
apt insserv.conf.d rc3.d
bash.bashrc iproute2 rc4.d
bash_completion issue rc5.d
bash_completion.d issue.net rc6.d
bindresvport.blacklist kbd rc.local
...
grub.d os-release udev
gshadow pam.conf ufw
gshadow- pam.d vim
host.conf passwd w3m
hostname passwd- wgetrc
hosts perl X11
hosts.allow ppp xml
hosts.deny profile zsh
init profile.d
init.d protocols
|
11:13:18
#cat profile
profile profile.d/
|
11:13:18
#cat profile
profile profile.d/
|
11:13:18
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1))
# and Bourne compatible shells (bash(1), ksh(1), ash(1), ...).
if [ "`id -u`" -eq 0 ]; then
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
else
PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games"
fi
export PATH
if [ "$PS1" ]; then
if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then
...
for i in /etc/profile.d/*.sh; do
if [ -r $i ]; then
. $i
fi
done
unset i
fi
HISTSIZE=2000
HISTFILESIZE=2000
export HISTSIZE HISTFILESIZE
|
11:13:33
#cd /etc/rc.d
l3script: cd: /etc/rc.d: Нет такого файла или каталога
|
11:14:19
acpi initramfs-tools python
adduser.conf inittab python2.7
adjtime inputrc rc0.d
aliases insserv rc1.d
alternatives insserv.conf rc2.d
apt insserv.conf.d rc3.d
bash.bashrc iproute2 rc4.d
bash_completion issue rc5.d
bash_completion.d issue.net rc6.d
bindresvport.blacklist kbd rc.local
...
grub.d os-release udev
gshadow pam.conf ufw
gshadow- pam.d vim
host.conf passwd w3m
hostname passwd- wgetrc
hosts perl X11
hosts.allow ppp xml
hosts.deny profile zsh
init profile.d
init.d protocols
|
11:14:19
acpi initramfs-tools python
adduser.conf inittab python2.7
adjtime inputrc rc0.d
aliases insserv rc1.d
alternatives insserv.conf rc2.d
apt insserv.conf.d rc3.d
bash.bashrc iproute2 rc4.d
bash_completion issue rc5.d
bash_completion.d issue.net rc6.d
bindresvport.blacklist kbd rc.local
...
grub.d os-release udev
gshadow pam.conf ufw
gshadow- pam.d vim
host.conf passwd w3m
hostname passwd- wgetrc
hosts perl X11
hosts.allow ppp xml
hosts.deny profile zsh
init profile.d
init.d protocols
|
11:14:47
Architecture: x86_64
CPU op-mode(s): 32-bit, 64-bit
Byte Order: Little Endian
CPU(s): 1
On-line CPU(s) list: 0
Thread(s) per core: 1
Core(s) per socket: 1
Socket(s): 1
NUMA node(s): 1
Vendor ID: GenuineIntel
CPU family: 6
Model: 15
Stepping: 11
CPU MHz: 2327.540
BogoMIPS: 4655.08
Hypervisor vendor: Xen
Virtualization type: full
L1d cache: 32K
L1i cache: 32K
L2 cache: 4096K
NUMA node0 CPU(s): 0
|
11:19:25
#lshdd
l3script: lshdd: команда не найдена
|
11:19:37
#lshd
l3script: lshd: команда не найдена
|
прошло 87 минут
12:47:02
acpid hwclock.sh mtab.sh sendsigs
bootlogs kbd netdiag single
bootmisc.sh keyboard-setup networking skeleton
checkfs.sh killprocs procps ssh
checkroot-bootclean.sh kmod rc sudo
checkroot.sh motd rc.local udev
console-cyrillic mountall-bootclean.sh rcS udev-mtab
console-setup mountall.sh README umountfs
cron mountdevsubfs.sh reboot umountnfs.sh
exim4 mountkernfs.sh rmnologin umountroot
halt mountnfs-bootclean.sh rsyslog urandom
hostname.sh mountnfs.sh screen-cleanup
|
12:47:03
#./crond stop
l3script: ./crond: Нет такого файла или каталога
|
12:47:59
[ ok ] Stopping periodic command scheduler: cron.
|
12:48:08
[ ok ] Restarting periodic command scheduler: cron[....] Stopping periodic command scheduler: cron.
[ ok ] Starting periodic command scheduler: cron.
|
12:49:06
#cd /etc/r
rc0.d/ rc4.d/ rcS.d/ rpc
rc1.d/ rc5.d/ reportbug.conf rsyslog.conf
rc2.d/ rc6.d/ resolv.conf rsyslog.d/
rc3.d/ rc.local rmt
|
12:49:59
README S01netdiag S01sudo S02cron S02ssh S04rc.local
S01motd S01rsyslog S02acpid S02exim4 S03bootlogs S04rmnologin
|
12:49:59
итого 12K
drwxr-xr-x 2 root root 4,0K Мар 28 09:27 .
drwxr-xr-x 70 root root 4,0K Мар 31 11:55 ..
-rw-r--r-- 1 root root 677 Июл 14 2013 README
lrwxrwxrwx 1 root root 14 Июн 27 2014 S01motd -> ../init.d/motd
lrwxrwxrwx 1 root root 17 Июн 27 2014 S01netdiag -> ../init.d/netdiag
lrwxrwxrwx 1 root root 17 Июн 27 2014 S01rsyslog -> ../init.d/rsyslog
lrwxrwxrwx 1 root root 14 Мар 28 09:27 S01sudo -> ../init.d/sudo
lrwxrwxrwx 1 root root 15 Июн 27 2014 S02acpid -> ../init.d/acpid
lrwxrwxrwx 1 root root 14 Июн 27 2014 S02cron -> ../init.d/cron
lrwxrwxrwx 1 root root 15 Июн 27 2014 S02exim4 -> ../init.d/exim4
lrwxrwxrwx 1 root root 13 Июн 27 2014 S02ssh -> ../init.d/ssh
lrwxrwxrwx 1 root root 18 Июн 27 2014 S03bootlogs -> ../init.d/bootlogs
lrwxrwxrwx 1 root root 18 Июн 27 2014 S04rc.local -> ../init.d/rc.local
lrwxrwxrwx 1 root root 19 Июн 27 2014 S04rmnologin -> ../init.d/rmnologin
|
12:50:02
#cd rc6.d
l3script: cd: rc6.d: Нет такого файла или каталога
|
12:50:45
итого 4
lrwxrwxrwx 1 root root 15 Июн 27 2014 K01exim4 -> ../init.d/exim4
lrwxrwxrwx 1 root root 17 Июн 27 2014 K01netdiag -> ../init.d/netdiag
lrwxrwxrwx 1 root root 17 Июн 27 2014 K01urandom -> ../init.d/urandom
lrwxrwxrwx 1 root root 18 Июн 27 2014 K02sendsigs -> ../init.d/sendsigs
lrwxrwxrwx 1 root root 17 Июн 27 2014 K03rsyslog -> ../init.d/rsyslog
lrwxrwxrwx 1 root root 20 Июн 27 2014 K04hwclock.sh -> ../init.d/hwclock.sh
lrwxrwxrwx 1 root root 22 Июн 27 2014 K04umountnfs.sh -> ../init.d/umountnfs.sh
lrwxrwxrwx 1 root root 20 Июн 27 2014 K05networking -> ../init.d/networking
lrwxrwxrwx 1 root root 18 Июн 27 2014 K06umountfs -> ../init.d/umountfs
lrwxrwxrwx 1 root root 20 Июн 27 2014 K07umountroot -> ../init.d/umountroot
lrwxrwxrwx 1 root root 16 Июн 27 2014 K08reboot -> ../init.d/reboot
-rw-r--r-- 1 root root 351 Окт 15 2012 README
|
12:50:47
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
НОВЫЕ пакеты, которые будут установлены:
vsftpd
обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
Необходимо скачать 158 kБ архивов.
После данной операции, объём занятого дискового пространства возрастёт на 286 kB.
Получено:1 http://ftp.ua.debian.org/debian/ wheezy/main vsftpd amd64 2.3.5-3 [158 kB]
Получено 158 kБ за 0с (799 kБ/c)
Предварительная настройка пакетов ...
Выбор ранее не выбранного пакета vsftpd.
(Чтение базы данных … на данный момент установлено 31254 файла и каталога.)
Распаковывается пакет vsftpd (из файла …/vsftpd_2.3.5-3_amd64.deb) …
Обрабатываются триггеры для man-db …
Настраивается пакет vsftpd (2.3.5-3) …
Starting FTP server: vsftpd.
|
12:56:00
acpid hwclock.sh mtab.sh sendsigs
bootlogs kbd netdiag single
bootmisc.sh keyboard-setup networking skeleton
checkfs.sh killprocs procps ssh
checkroot-bootclean.sh kmod rc sudo
checkroot.sh motd rc.local udev
console-cyrillic mountall-bootclean.sh rcS udev-mtab
console-setup mountall.sh README umountfs
cron mountdevsubfs.sh reboot umountnfs.sh
exim4 mountkernfs.sh rmnologin umountroot
halt mountnfs-bootclean.sh rsyslog urandom
hostname.sh mountnfs.sh screen-cleanup vsftpd
|
12:56:12
#chkconfig --list vsftpd
l3script: chkconfig: команда не найдена
|
12:57:14
#service vsftpd chkconfig
Usage: /etc/init.d/vsftpd {start|stop|restart|reload|status}
|
12:58:47
#systemctl
l3script: systemctl: команда не найдена
|
13:02:02
README S01netdiag S01sudo S02cron S02ssh S03bootlogs S04rmnologin
S01motd S01rsyslog S02acpid S02exim4 S02vsftpd S04rc.local
|
13:07:50
#cd /proc/`pidof rsyslogd`
|
13:08:41
#cd df
l3script: cd: df: Нет такого файла или каталога
|
13:08:45
attr coredump_filter io mountstats pagemap stat
autogroup cpuset limits net personality statm
auxv cwd loginuid ns root status
cgroup environ maps numa_maps sched syscall
clear_refs exe mem oom_adj sessionid task
cmdline fd mountinfo oom_score smaps wchan
comm fdinfo mounts oom_score_adj stack
|
13:09:01
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 debian3.net.nt:40540 xgu.ru:18030 TIME_WAIT
tcp 0 0 debian3.net.nt:40541 xgu.ru:18030 TIME_WAIT
tcp 0 0 debian3.net.nt:ssh 192.168.16.187:49257 ESTABLISHED
tcp 0 0 debian3.net.nt:40539 xgu.ru:18030 TIME_WAIT
tcp 0 432 debian3.net.nt:ssh 192.168.16.187:49239 ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags Type State I-Node Path
unix 5 [ ] DGRAM 5096 /dev/log
unix 3 [ ] STREAM CONNECTED 107257
unix 3 [ ] STREAM CONNECTED 107256
unix 2 [ ] DGRAM 107255
unix 2 [ ] DGRAM 106825
unix 3 [ ] STREAM CONNECTED 99103
unix 3 [ ] STREAM CONNECTED 99102
unix 2 [ ] STREAM 99099
unix 2 [ ] DGRAM 5143
unix 3 [ ] DGRAM 3267
unix 3 [ ] DGRAM 3266
|
13:10:24
#cat 0
cat: 0: Нет такого устройства или адреса
|
13:10:27
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 10:17:01 debian3 /USR/SBIN/CRON[14581]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 11:17:01 debian3 /USR/SBIN/CRON[15075]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 12:17:01 debian3 /USR/SBIN/CRON[15975]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 13:17:01 debian3 /USR/SBIN/CRON[16006]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16183]: (CRON) INFO (pidfile fd = 3)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) STARTUP (fork ok)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
|
13:10:29
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 10:17:01 debian3 /USR/SBIN/CRON[14581]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 11:17:01 debian3 /USR/SBIN/CRON[15075]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 12:17:01 debian3 /USR/SBIN/CRON[15975]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 13:17:01 debian3 /USR/SBIN/CRON[16006]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16183]: (CRON) INFO (pidfile fd = 3)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) STARTUP (fork ok)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
|
13:10:32
Mar 28 06:25:05 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 29 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 30 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
|
13:10:36
#cat 3
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 31 06:25:03 debian3 CRON[13872]: pam_unix(cron:session): session closed for user root
Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session closed for user root
Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session closed for user root
Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
...
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105
Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp
Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105
Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false
Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password
Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp
Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information
^[O4
^[OA^[OA^C
|
13:10:40
#cat 4
^C
|
13:10:43
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root
Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2
Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2
...
Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root
Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root
Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105
Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp
Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105
Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false
Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password
Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp
Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information
|
13:10:44
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability
...
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
|
13:11:59
#cat /var/log/secure
cat: /var/log/secure: Нет такого файла или каталога
|
13:13:55
#cat /var/lo
local/ lock/ log/
|
13:13:55
#cat /var/lo
local/ lock/ log/
|
13:13:55
#cat /var/log/
alternatives.log auth.log.2.gz debug dmesg.3.gz installer/ mail.err news/ syslog.7.gz
alternatives.log.1 auth.log.3.gz debug.1 dmesg.4.gz iptraf/ mail.info syslog user.log
alternatives.log.2.gz btmp debug.2.gz dpkg.log kern.log mail.log syslog.1 user.log.1
apt/ btmp.1 debug.3.gz dpkg.log.1 kern.log.1 mail.warn syslog.2.gz user.log.2.gz
aptitude daemon.log dmesg dpkg.log.2.gz kern.log.2.gz messages syslog.3.gz user.log.3.gz
aptitude.1.gz daemon.log.1 dmesg.0 exim4/ kern.log.3.gz messages.1 syslog.4.gz vsftpd.log
auth.log daemon.log.2.gz dmesg.1.gz faillog lastlog messages.2.gz syslog.5.gz wtmp
auth.log.1 daemon.log.3.gz dmesg.2.gz fsck/ lpr.log messages.3.gz syslog.6.gz wtmp.1
|
13:13:55
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root
Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2
Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2
...
Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root
Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root
Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105
Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp
Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105
Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false
Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password
Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp
Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information
|
13:14:14
#ssh 192.168.13.6
root@192.168.13.6's password:
sdlfkj
Permission denied, please try again.
root@192.168.13.6's password:
|
13:14:45
#ssh 192.168.16.193
The authenticity of host '192.168.16.193 (192.168.16.193)' can't be established.
RSA key fingerprint is a8:60:9a:fb:22:43:15:b8:41:1d:fc:74:87:a1:ff:04.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.16.193' (RSA) to the list of known hosts.
root@192.168.16.193's password:
sdflkj
Permission denied, please try again.
root@192.168.16.193's password:
sdlfkj
sdlfkj
sdflPermission denied, please try again.
root@192.168.16.193's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
|
13:15:04
#ssh vasia@192.168.16.193
vasia@192.168.16.193's password:
sdlfk
Permission denied, please try again.
vasia@192.168.16.193's password:
sdl;fk
eiPermission denied, please try again.
vasia@192.168.16.193's password:
lsPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password).
|
13:15:25
l3script: lsd: команда не найдена
|
13:15:25
--- /tmp/l3-saved-14106.3961.23834 2017-03-31 14:16:32.703924574 +0300
+++ /etc/rsyslog.conf 2017-03-31 14:21:07.279924106 +0300
@@ -59,13 +59,14 @@
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
-*.*;auth,authpriv.none -/var/log/syslog
+*.*;auth,authpriv.none, -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
+local5.* /var/log/ssh
#
# Logging for the mail system. Split it up so that
@@ -91,7 +92,7 @@
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
- mail,news.none -/var/log/messages
+ mail,news.none,local5.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
|
13:21:07
#service rsyslogd reload
rsyslogd: unrecognized service
|
13:21:27
#service rsyslog reload
Usage: /etc/init.d/rsyslog {start|stop|rotate|restart|force-reload|status}
|
13:21:31
#service rsyslog force-reload
[ ok ] Stopping enhanced syslogd: rsyslogd.
[ ok ] Starting enhanced syslogd: rsyslogd.
|
13:21:42
alternatives.log aptitude.1.gz btmp daemon.log.3.gz dmesg dmesg.4.gz faillog kern.log.1 mail.err messages.1 syslog syslog.5.gz user.log.2.gz
alternatives.log.1 auth.log btmp.1 debug dmesg.0 dpkg.log fsck kern.log.2.gz mail.info messages.2.gz syslog.1 syslog.6.gz user.log.3.gz
alternatives.log.2.gz auth.log.1 daemon.log debug.1 dmesg.1.gz dpkg.log.1 installer kern.log.3.gz mail.log messages.3.gz syslog.2.gz syslog.7.gz vsftpd.log
apt auth.log.2.gz daemon.log.1 debug.2.gz dmesg.2.gz dpkg.log.2.gz iptraf lastlog mail.warn news syslog.3.gz user.log wtmp
aptitude auth.log.3.gz daemon.log.2.gz debug.3.gz dmesg.3.gz exim4 kern.log lpr.log messages ssh syslog.4.gz user.log.1 wtmp.1
|
13:22:07
#logger -p local5.err 'Error!!!!'
|
13:22:55
#cat ssh
cat: ssh: Нет такого файла или каталога
|
13:22:58
Mar 31 14:22:55 debian3 user: Error!!!!
|
13:23:06
#vim /etc/ssh/sshd_config
--- /tmp/l3-saved-14106.29399.16640 2017-03-31 14:23:46.499924500 +0300
+++ /etc/ssh/sshd_config 2017-03-31 14:25:38.047923288 +0300
@@ -19,8 +19,9 @@
ServerKeyBits 768
# Logging
-SyslogFacility AUTH
-LogLevel INFO
+#SyslogFacility AUTH
+SyslogFacility LOCAL5
+#LogLevel INFO
# Authentication:
LoginGraceTime 120
|
13:25:38
#service sshd reload
sshd: unrecognized service
|
13:25:45
#service sshd force-reload
sshd: unrecognized service
|
13:25:51
#service sshd
sshd: unrecognized service
|
13:25:58
#service ssh force-reload
[ ok ] Reloading OpenBSD Secure Shell server's configuration: sshd.
|
13:26:04
#vim /etc/ssh/sshd_config
|
13:34:52
[ ok ] Stopping enhanced syslogd: rsyslogd.
[ ok ] Starting enhanced syslogd: rsyslogd.
|
13:35:34
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
...
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0660 root utmp
rotate 1
}
# system-specific logs may be configured here
|
прошло 11 минут
13:47:26
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
...
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0660 root utmp
rotate 1
}
# system-specific logs may be configured here
|
13:51:31
apt aptitude dpkg exim4-base exim4-paniclog iptraf rsyslog vsftpd
|
13:51:32
Чтение списков пакетов… Готово
Построение дерева зависимостей
Чтение информации о состоянии… Готово
Будут установлены следующие дополнительные пакеты:
libldap-2.4-2 libsasl2-2 libsasl2-modules squid-common squid-langpack
Предлагаемые пакеты:
libsasl2-modules-otp libsasl2-modules-ldap libsasl2-modules-sql libsasl2-modules-gssapi-mit libsasl2-modules-gssapi-heimdal squidclient squid-cgi logcheck-database resolvconf smbclient winbind
НОВЫЕ пакеты, которые будут установлены:
libldap-2.4-2 libsasl2-2 libsasl2-modules squid squid-common squid-langpack
обновлено 0, установлено 6 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено.
...
Обрабатываются триггеры для man-db …
Настраивается пакет libsasl2-2:amd64 (2.1.25.dfsg1-6+deb7u1) …
Настраивается пакет libldap-2.4-2:amd64 (2.4.31-2+deb7u2) …
Настраивается пакет squid-langpack (20120616-1) …
Настраивается пакет squid-common (2.7.STABLE9-4.1+deb7u2) …
Настраивается пакет squid (2.7.STABLE9-4.1+deb7u2) …
Creating squid spool directory structure
2017/03/31 14:53:28| Creating Swap Directories
[ ok ] Restarting Squid HTTP proxy: squid.
Настраивается пакет libsasl2-modules:amd64 (2.1.25.dfsg1-6+deb7u1) …
|
13:53:39
apt aptitude dpkg exim4-base exim4-paniclog iptraf rsyslog squid vsftpd
|
13:53:53
#
# Logrotate fragment for squid.
#
/var/log/squid/*.log {
daily
compress
delaycompress
rotate 2
missingok
nocreate
sharedscripts
postrotate
test ! -e /var/run/squid.pid || /usr/sbin/squid -k rotate
endscript
}
|
13:53:59
#cd /etc/cron
cron.d/ cron.daily/ cron.hourly/ cron.monthly/ crontab cron.weekly/
|
13:54:29
apt aptitude bsdmainutils dpkg exim4-base locate logrotate man-db passwd
|
13:54:30
#!/bin/sh
test -x /usr/sbin/logrotate || exit 0
/usr/sbin/logrotate /etc/logrotate.conf
|
13:54:38
/etc/crontab
/etc/cron.d:
/etc/cron.daily:
apt aptitude bsdmainutils dpkg exim4-base locate logrotate man-db passwd
/etc/cron.hourly:
/etc/cron.monthly:
/etc/cron.weekly:
man-db
|
Файлы
/etc/logrotate.conf
# see "man logrotate" for details
# rotate log files weekly
weekly
# keep 4 weeks worth of backlogs
rotate 4
# create new (empty) log files after rotating old ones
create
# uncomment this if you want your log files compressed
#compress
# packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp, or btmp -- we'll rotate them here
/var/log/wtmp {
missingok
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0660 root utmp
rotate 1
}
# system-specific logs may be configured here
/etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
daemon.*;mail.*;\
news.err;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
/var/log/auth.log
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root
Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2
Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2
Mar 28 09:17:34 debian3 sshd[7648]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 09:24:45 debian3 sshd[7695]: Accepted password for user from 192.168.16.187 port 49242 ssh2
Mar 28 09:24:45 debian3 sshd[7695]: pam_unix(sshd:session): session opened for user user by (uid=0)
Mar 28 09:27:14 debian3 su[7891]: Successful su for root by user
Mar 28 09:27:14 debian3 su[7891]: + /dev/pts/2 user:root
Mar 28 09:27:14 debian3 su[7891]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:27:28 debian3 su[7891]: pam_unix(su:session): session closed for user root
Mar 28 09:27:40 debian3 su[8227]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=root
Mar 28 09:27:42 debian3 su[8227]: pam_authenticate: Authentication failure
Mar 28 09:27:42 debian3 su[8227]: FAILED su for root by user
Mar 28 09:27:42 debian3 su[8227]: - /dev/pts/2 user:root
Mar 28 09:27:53 debian3 su[8235]: Successful su for root by user
Mar 28 09:27:53 debian3 su[8235]: + /dev/pts/2 user:root
Mar 28 09:27:53 debian3 su[8235]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:27:59 debian3 su[8235]: pam_unix(su:session): session closed for user root
Mar 28 09:33:16 debian3 sudo: user : user NOT in sudoers ; TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/chmod 755 screenrc
Mar 28 09:33:24 debian3 su[8705]: No passwd entry for user '755'
Mar 28 09:33:24 debian3 su[8705]: FAILED su for 755 by user
Mar 28 09:33:24 debian3 su[8705]: - /dev/pts/2 user:755
Mar 28 09:33:45 debian3 su[8713]: Successful su for root by user
Mar 28 09:33:45 debian3 su[8713]: + /dev/pts/2 user:root
Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session closed for user root
Mar 28 09:34:22 debian3 su[8756]: Successful su for root by user
Mar 28 09:34:22 debian3 su[8756]: + /dev/pts/2 user:root
Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session closed for user root
Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session closed for user root
Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session closed for user root
Mar 28 11:28:18 debian3 sshd[7648]: pam_unix(sshd:session): session closed for user root
Mar 28 11:28:26 debian3 sshd[9544]: Accepted password for root from 192.168.16.187 port 49747 ssh2
Mar 28 11:28:26 debian3 sshd[9544]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 11:53:47 debian3 sshd[7695]: pam_unix(sshd:session): session closed for user user
Mar 28 11:53:59 debian3 sshd[9806]: Invalid user acharnosh from 192.168.16.187
Mar 28 11:53:59 debian3 sshd[9806]: input_userauth_request: invalid user acharnosh [preauth]
Mar 28 11:54:03 debian3 sshd[9806]: Received disconnect from 192.168.16.187: 13: Unable to authenticate [preauth]
Mar 28 11:54:31 debian3 sshd[9808]: Connection closed by 192.168.16.187 [preauth]
Mar 28 11:54:40 debian3 sshd[9810]: Accepted password for ivan from 192.168.16.187 port 49768 ssh2
Mar 28 11:54:40 debian3 sshd[9810]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 11:54:49 debian3 sshd[9810]: pam_unix(sshd:session): session closed for user ivan
Mar 28 11:55:19 debian3 sshd[9896]: Accepted password for ivan from 192.168.16.187 port 49769 ssh2
Mar 28 11:55:19 debian3 sshd[9896]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 11:57:32 debian3 sshd[9896]: pam_unix(sshd:session): session closed for user ivan
Mar 28 11:57:45 debian3 sshd[10088]: Connection closed by 192.168.16.187 [preauth]
Mar 28 11:58:46 debian3 sshd[10090]: Accepted password for ivan from 192.168.16.187 port 49773 ssh2
Mar 28 11:58:46 debian3 sshd[10090]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 12:01:49 debian3 sshd[10090]: pam_unix(sshd:session): session closed for user ivan
Mar 28 12:02:11 debian3 sshd[10215]: Accepted password for ivan from 192.168.16.187 port 49774 ssh2
Mar 28 12:02:11 debian3 sshd[10215]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 12:16:20 debian3 sshd[10349]: Accepted password for root from 192.168.16.187 port 49785 ssh2
Mar 28 12:16:20 debian3 sshd[10349]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session closed for user root
Mar 28 13:17:01 debian3 CRON[10953]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 13:17:01 debian3 CRON[10953]: pam_unix(cron:session): session closed for user root
Mar 28 13:38:46 debian3 sshd[11037]: Connection closed by 192.168.16.187 [preauth]
Mar 28 13:39:46 debian3 sshd[11039]: Accepted password for petr from 192.168.16.187 port 49812 ssh2
Mar 28 13:39:46 debian3 sshd[11039]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 28 13:40:17 debian3 sshd[9544]: pam_unix(sshd:session): session closed for user root
Mar 28 13:53:26 debian3 sshd[11039]: pam_unix(sshd:session): session closed for user petr
Mar 28 14:00:09 debian3 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr
Mar 28 14:00:10 debian3 sshd[11820]: Failed password for petr from 192.168.16.187 port 49885 ssh2
Mar 28 14:00:14 debian3 sshd[11820]: Accepted password for petr from 192.168.16.187 port 49885 ssh2
Mar 28 14:00:14 debian3 sshd[11820]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session closed for user root
Mar 28 14:24:00 debian3 sshd[11820]: pam_unix(sshd:session): session closed for user petr
Mar 28 14:25:48 debian3 sshd[10215]: pam_unix(sshd:session): session closed for user ivan
Mar 28 14:26:09 debian3 sshd[11968]: Accepted password for user from 192.168.16.187 port 49901 ssh2
Mar 28 14:26:09 debian3 sshd[11968]: pam_unix(sshd:session): session opened for user user by (uid=0)
Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session closed for user root
Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session closed for user root
Mar 28 17:06:48 debian3 sshd[14025]: Accepted password for ivan from 192.168.16.187 port 50084 ssh2
Mar 28 17:06:48 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 17:06:57 debian3 sshd[14025]: pam_unix(sshd:session): session closed for user ivan
Mar 28 17:12:53 debian3 sshd[10349]: pam_unix(sshd:session): session closed for user root
Mar 28 17:13:03 debian3 sshd[11968]: pam_unix(sshd:session): session closed for user user
Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session closed for user root
Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session closed for user root
Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session closed for user root
Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session closed for user root
Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session closed for user root
Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session closed for user root
Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session closed for user root
Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session closed for user root
Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session closed for user root
Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session closed for user root
Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session closed for user root
Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session closed for user root
Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session closed for user root
Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session closed for user root
Mar 29 06:25:01 debian3 CRON[14242]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 06:25:02 debian3 su[14341]: Successful su for nobody by root
Mar 29 06:25:02 debian3 su[14341]: + ??? root:nobody
Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session closed for user nobody
Mar 29 06:25:02 debian3 su[14343]: Successful su for nobody by root
Mar 29 06:25:02 debian3 su[14343]: + ??? root:nobody
Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session closed for user nobody
Mar 29 06:25:02 debian3 su[14345]: Successful su for nobody by root
Mar 29 06:25:02 debian3 su[14345]: + ??? root:nobody
Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session closed for user nobody
Mar 29 06:25:03 debian3 CRON[14242]: pam_unix(cron:session): session closed for user root
Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session closed for user root
Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session closed for user root
Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session closed for user root
Mar 29 09:41:48 debian3 sshd[14417]: Accepted password for root from 192.168.16.187 port 49228 ssh2
Mar 29 09:41:48 debian3 sshd[14417]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session closed for user root
Mar 29 10:54:13 debian3 login[15706]: pam_unix(login:session): session opened for user user by (uid=0)
Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session closed for user root
Mar 29 11:54:12 debian3 sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=user
Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): conversation failed
Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): auth could not identify password for [user]
Mar 29 11:54:31 debian3 sudo: user : 2 incorrect password attempts ; TTY=pts/2 ; PWD=/etc/cron.daily ; USER=root ; COMMAND=/usr/bin/updatedb
Mar 29 11:57:39 debian3 su[17590]: Successful su for root by user
Mar 29 11:57:39 debian3 su[17590]: + /dev/pts/2 user:root
Mar 29 11:57:39 debian3 su[17590]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 29 11:57:44 debian3 su[17590]: pam_unix(su:session): session closed for user root
Mar 29 11:59:58 debian3 login[15706]: pam_unix(login:session): session closed for user user
Mar 29 12:03:04 debian3 sshd[17862]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2
Mar 29 12:03:04 debian3 sshd[17862]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 29 12:06:00 debian3 sshd[17862]: pam_unix(sshd:session): session closed for user ivan
Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session closed for user root
Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session closed for user root
Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session closed for user root
Mar 29 14:33:23 debian3 useradd[20008]: new group: name=anna, GID=1003
Mar 29 14:33:23 debian3 useradd[20008]: new user: name=anna, UID=1003, GID=1003, home=/home/anna, shell=/bin/sh
Mar 29 14:37:28 debian3 usermod[20066]: change user 'user' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:37:28 debian3 usermod[20071]: change user 'ivan' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:37:28 debian3 usermod[20076]: change user 'petr' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:20 debian3 usermod[20118]: change user 'user' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:20 debian3 usermod[20123]: change user 'ivan' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:20 debian3 usermod[20128]: change user 'petr' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:20 debian3 usermod[20133]: change user 'anna' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:41 debian3 usermod[20142]: change user 'user' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:41 debian3 usermod[20147]: change user 'ivan' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:41 debian3 usermod[20152]: change user 'petr' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:41 debian3 usermod[20157]: change user 'anna' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:45:05 debian3 usermod[20166]: change user 'user' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:45:05 debian3 usermod[20171]: change user 'ivan' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:45:05 debian3 usermod[20176]: change user 'petr' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:45:05 debian3 usermod[20181]: change user 'anna' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:00:59 debian3 usermod[20477]: change user 'user' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:00:59 debian3 usermod[20482]: change user 'ivan' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:00:59 debian3 usermod[20487]: change user 'petr' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:00:59 debian3 usermod[20492]: change user 'anna' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:01:02 debian3 usermod[20508]: change user 'user' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:01:02 debian3 usermod[20513]: change user 'ivan' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:01:02 debian3 usermod[20518]: change user 'petr' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:01:02 debian3 usermod[20523]: change user 'anna' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session closed for user root
Mar 29 15:48:46 debian3 sshd[24308]: Accepted password for ivan from 192.168.16.187 port 49738 ssh2
Mar 29 15:48:46 debian3 sshd[24308]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session closed for user root
Mar 29 16:20:37 debian3 su[8879]: Successful su for ivan by root
Mar 29 16:20:37 debian3 su[8879]: + /dev/pts/0 root:ivan
Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session opened for user ivan by root(uid=0)
Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session closed for user ivan
Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session closed for user root
Mar 29 17:25:12 debian3 su[9088]: No passwd entry for user 'matrix.jpg'
Mar 29 17:25:12 debian3 su[9088]: FAILED su for matrix.jpg by ivan
Mar 29 17:25:12 debian3 su[9088]: - /dev/pts/1 ivan:matrix.jpg
Mar 29 17:25:26 debian3 su[9089]: Successful su for root by ivan
Mar 29 17:25:26 debian3 su[9089]: + /dev/pts/1 ivan:root
Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session opened for user root by ivan(uid=1001)
Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session closed for user root
Mar 29 17:31:46 debian3 sshd[24308]: pam_unix(sshd:session): session closed for user ivan
Mar 29 17:31:47 debian3 sshd[14417]: pam_unix(sshd:session): session closed for user root
Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session closed for user root
Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session closed for user root
Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session closed for user root
Mar 29 21:17:01 debian3 CRON[9145]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 21:17:01 debian3 CRON[9145]: pam_unix(cron:session): session closed for user root
Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session closed for user root
Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session closed for user root
Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session closed for user root
Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session closed for user root
Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session closed for user root
Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session closed for user root
Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session closed for user root
Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session closed for user root
Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session closed for user root
Mar 30 06:25:01 debian3 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 06:25:02 debian3 su[9284]: Successful su for nobody by root
Mar 30 06:25:02 debian3 su[9284]: + ??? root:nobody
Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session closed for user nobody
Mar 30 06:25:02 debian3 su[9286]: Successful su for nobody by root
Mar 30 06:25:02 debian3 su[9286]: + ??? root:nobody
Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session closed for user nobody
Mar 30 06:25:02 debian3 su[9288]: Successful su for nobody by root
Mar 30 06:25:02 debian3 su[9288]: + ??? root:nobody
Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session closed for user nobody
Mar 30 06:25:03 debian3 CRON[9212]: pam_unix(cron:session): session closed for user root
Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session closed for user root
Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session closed for user root
Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session closed for user root
Mar 30 09:38:59 debian3 sshd[9367]: Accepted password for root from 192.168.16.187 port 49218 ssh2
Mar 30 09:38:59 debian3 sshd[9367]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 09:45:32 debian3 sshd[9423]: Accepted password for ivan from 192.168.16.187 port 49228 ssh2
Mar 30 09:45:32 debian3 sshd[9423]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 09:55:45 debian3 chfn[9628]: changed user 'ivan' information
Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session closed for user root
Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/group: name=developers, GID=1004
Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/gshadow: name=developers
Mar 30 10:31:06 debian3 groupadd[9863]: new group: name=developers, GID=1004
Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to group 'developers'
Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to shadow group 'developers'
Mar 30 10:37:09 debian3 gpasswd[9960]: user petr added by root to group developers
Mar 30 10:40:06 debian3 gpasswd[10011]: administrators of group developers set by root to anna
Mar 30 10:45:09 debian3 passwd[10097]: password for 'ivan' changed by 'root'
Mar 30 10:45:15 debian3 passwd[10116]: password for 'ivan' changed by 'root'
Mar 30 10:45:43 debian3 passwd[10142]: password for 'ivan' changed by 'root'
Mar 30 10:45:46 debian3 passwd[10154]: password for 'ivan' changed by 'root'
Mar 30 10:46:58 debian3 passwd[10166]: password for 'ivan' changed by 'root'
Mar 30 10:47:10 debian3 passwd[10185]: password for 'ivan' changed by 'root'
Mar 30 11:05:04 debian3 sshd[10324]: Accepted password for ivan from 127.0.0.1 port 44192 ssh2
Mar 30 11:05:04 debian3 sshd[10324]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 11:05:55 debian3 sshd[10326]: Received disconnect from 127.0.0.1: 11: disconnected by user
Mar 30 11:05:55 debian3 sshd[10324]: pam_unix(sshd:session): session closed for user ivan
Mar 30 11:06:16 debian3 sshd[10646]: Accepted password for ivan from 127.0.0.1 port 44194 ssh2
Mar 30 11:06:16 debian3 sshd[10646]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 11:06:55 debian3 sshd[10648]: Received disconnect from 127.0.0.1: 11: disconnected by user
Mar 30 11:06:55 debian3 sshd[10646]: pam_unix(sshd:session): session closed for user ivan
Mar 30 11:10:18 debian3 sshd[11024]: Accepted password for petr from 192.168.16.187 port 49352 ssh2
Mar 30 11:10:18 debian3 sshd[11024]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 30 11:10:54 debian3 sshd[11024]: pam_unix(sshd:session): session closed for user petr
Mar 30 11:12:35 debian3 sshd[11109]: User petr not allowed because shell /usr/bin/tmux -l /bin/bash does not exist
Mar 30 11:12:35 debian3 sshd[11109]: input_userauth_request: invalid user petr [preauth]
Mar 30 11:12:37 debian3 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr
Mar 30 11:12:40 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2
Mar 30 11:12:46 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2
Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session closed for user root
Mar 30 11:35:15 debian3 su[11519]: No passwd entry for user 'd1/temp.txt'
Mar 30 11:35:15 debian3 su[11519]: FAILED su for d1/temp.txt by ivan
Mar 30 11:35:15 debian3 su[11519]: - /dev/pts/1 ivan:d1/temp.txt
Mar 30 11:35:22 debian3 su[11520]: Successful su for root by ivan
Mar 30 11:35:22 debian3 su[11520]: + /dev/pts/1 ivan:root
Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session opened for user root by ivan(uid=1001)
Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session closed for user root
Mar 30 12:13:55 debian3 sshd[9423]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:14:03 debian3 sshd[11771]: Accepted password for ivan from 192.168.16.187 port 49379 ssh2
Mar 30 12:14:03 debian3 sshd[11771]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:17:01 debian3 CRON[11864]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 12:17:01 debian3 CRON[11864]: pam_unix(cron:session): session closed for user root
Mar 30 12:20:26 debian3 sshd[9367]: pam_unix(sshd:session): session closed for user root
Mar 30 12:20:33 debian3 sshd[11888]: Accepted password for root from 192.168.16.187 port 49383 ssh2
Mar 30 12:20:33 debian3 sshd[11888]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:27:04 debian3 sshd[11888]: pam_unix(sshd:session): session closed for user root
Mar 30 12:27:11 debian3 sshd[12153]: Accepted password for root from 192.168.16.187 port 49385 ssh2
Mar 30 12:27:11 debian3 sshd[12153]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:27:40 debian3 sshd[12269]: Accepted password for petr from 192.168.16.187 port 49386 ssh2
Mar 30 12:27:40 debian3 sshd[12269]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 30 12:27:44 debian3 sshd[12269]: pam_unix(sshd:session): session closed for user petr
Mar 30 12:27:51 debian3 sshd[12278]: Accepted password for ivan from 192.168.16.187 port 49387 ssh2
Mar 30 12:27:51 debian3 sshd[12278]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:28:29 debian3 sshd[12278]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:28:35 debian3 sshd[12371]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2
Mar 30 12:28:35 debian3 sshd[12371]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:28:43 debian3 sshd[12371]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:29:05 debian3 sshd[12457]: Accepted password for ivan from 192.168.16.187 port 49389 ssh2
Mar 30 12:29:05 debian3 sshd[12457]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:30:39 debian3 sshd[12457]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:30:46 debian3 sshd[12553]: Accepted password for ivan from 192.168.16.187 port 49391 ssh2
Mar 30 12:30:46 debian3 sshd[12553]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:32:37 debian3 sshd[12553]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:32:43 debian3 sshd[12670]: Failed password for ivan from 192.168.16.187 port 49392 ssh2
Mar 30 12:32:43 debian3 sshd[12670]: fatal: Access denied for user ivan by PAM account configuration [preauth]
Mar 30 12:33:27 debian3 sshd[12680]: Accepted password for ivan from 192.168.16.187 port 49393 ssh2
Mar 30 12:33:27 debian3 sshd[12680]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:33:45 debian3 sudo: ivan : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/ivan ; USER=root ; COMMAND=/bin/login ivan
Mar 30 12:33:52 debian3 sshd[12680]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:33:58 debian3 sshd[12784]: Accepted password for root from 192.168.16.187 port 49394 ssh2
Mar 30 12:33:58 debian3 sshd[12784]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:34:04 debian3 login[12831]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure
Mar 30 12:34:15 debian3 login[12831]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'petr', Authentication failure
Mar 30 12:34:17 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:34:19 debian3 login[12831]: FAILED LOGIN (3) on '/dev/pts/5' FOR 'root', Authentication failure
Mar 30 12:34:23 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:34:27 debian3 login[12831]: FAILED LOGIN (4) on '/dev/pts/5' FOR 'root', Authentication failure
Mar 30 12:34:32 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:34:34 debian3 login[12831]: FAILED LOGIN (5) on '/dev/pts/5' FOR 'root', Authentication failure
Mar 30 12:34:34 debian3 login[12831]: TOO MANY LOGIN TRIES (5) on '/dev/pts/5' FOR 'root'
Mar 30 12:34:34 debian3 login[12831]: pam_mail(login:session): pam_putenv: delete non-existent entry; MAIL
Mar 30 12:34:34 debian3 login[12831]: pam_unix(login:session): session closed for user root
Mar 30 12:35:02 debian3 sshd[12848]: Accepted password for root from 192.168.16.187 port 49396 ssh2
Mar 30 12:35:02 debian3 sshd[12848]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:35:07 debian3 sshd[12848]: pam_unix(sshd:session): session closed for user root
Mar 30 12:36:14 debian3 login[12911]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'user', Authentication failure
Mar 30 12:36:16 debian3 login[12911]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:36:19 debian3 login[12911]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module
Mar 30 12:36:36 debian3 sshd[12784]: pam_unix(sshd:session): session closed for user root
Mar 30 12:36:44 debian3 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=user
Mar 30 12:36:46 debian3 sshd[12920]: Failed password for user from 192.168.16.187 port 49398 ssh2
Mar 30 12:36:48 debian3 sshd[12920]: Accepted password for user from 192.168.16.187 port 49398 ssh2
Mar 30 12:36:48 debian3 sshd[12920]: pam_unix(sshd:session): session opened for user user by (uid=0)
Mar 30 12:37:31 debian3 su[12970]: Successful su for root by user
Mar 30 12:37:31 debian3 su[12970]: + /dev/pts/5 user:root
Mar 30 12:37:31 debian3 su[12970]: pam_unix(su:session): session opened for user root by user(uid=1000)
Mar 30 13:17:01 debian3 CRON[13088]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 13:17:01 debian3 CRON[13088]: pam_unix(cron:session): session closed for user root
Mar 30 13:45:38 debian3 login[13102]: pam_unix(login:auth): authentication failure; logname=user uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=news
Mar 30 13:45:41 debian3 login[13102]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'news', Authentication failure
Mar 30 13:46:43 debian3 passwd[13107]: pam_unix(passwd:chauthtok): password changed for news
Mar 30 13:46:49 debian3 login[13108]: pam_unix(login:session): session opened for user news by user(uid=0)
Mar 30 13:47:54 debian3 login[13108]: pam_unix(login:session): session closed for user news
Mar 30 13:50:56 debian3 login[13114]: pam_unix(login:auth): authentication failure; logname=user uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=news
Mar 30 13:50:59 debian3 login[13114]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'news', Authentication failure
Mar 30 14:17:01 debian3 CRON[13259]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 14:17:01 debian3 CRON[13259]: pam_unix(cron:session): session closed for user root
Mar 30 14:27:24 debian3 sshd[12153]: pam_unix(sshd:session): session closed for user root
Mar 30 14:27:30 debian3 su[12970]: pam_unix(su:session): session closed for user root
Mar 30 14:27:30 debian3 sshd[12920]: pam_unix(sshd:session): session closed for user user
Mar 30 14:27:34 debian3 sshd[11771]: pam_unix(sshd:session): session closed for user ivan
Mar 30 14:30:00 debian3 sshd[13354]: Accepted password for root from 192.168.16.187 port 49687 ssh2
Mar 30 14:30:00 debian3 sshd[13354]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 14:31:25 debian3 sshd[13354]: pam_unix(sshd:session): session closed for user root
Mar 30 15:12:09 debian3 sshd[13442]: Accepted password for root from 192.168.16.187 port 49735 ssh2
Mar 30 15:12:09 debian3 sshd[13442]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:13:04 debian3 sshd[13494]: Accepted password for root from 192.168.16.166 port 43964 ssh2
Mar 30 15:13:04 debian3 sshd[13494]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:13:05 debian3 sshd[13494]: Received disconnect from 192.168.16.166: 11: disconnected by user
Mar 30 15:13:05 debian3 sshd[13494]: pam_unix(sshd:session): session closed for user root
Mar 30 15:17:01 debian3 CRON[13635]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 15:17:01 debian3 CRON[13635]: pam_unix(cron:session): session closed for user root
Mar 30 15:17:40 debian3 sshd[13654]: Accepted password for root from 192.168.16.166 port 43965 ssh2
Mar 30 15:17:40 debian3 sshd[13654]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:17:40 debian3 sshd[13654]: Received disconnect from 192.168.16.166: 11: disconnected by user
Mar 30 15:17:40 debian3 sshd[13654]: pam_unix(sshd:session): session closed for user root
Mar 30 15:37:22 debian3 sshd[13713]: Connection closed by 192.168.16.166 [preauth]
Mar 30 15:37:37 debian3 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.166 user=root
Mar 30 15:37:40 debian3 sshd[13715]: Failed password for root from 192.168.16.166 port 56958 ssh2
Mar 30 15:37:42 debian3 sshd[13715]: Accepted password for root from 192.168.16.166 port 56958 ssh2
Mar 30 15:37:42 debian3 sshd[13715]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:37:42 debian3 sshd[13715]: Received disconnect from 192.168.16.166: 11: disconnected by user
Mar 30 15:37:42 debian3 sshd[13715]: pam_unix(sshd:session): session closed for user root
Mar 30 15:39:02 debian3 sshd[13718]: Accepted password for root from 192.168.16.166 port 56959 ssh2
Mar 30 15:39:02 debian3 sshd[13718]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:39:03 debian3 sshd[13718]: Received disconnect from 192.168.16.166: 11: disconnected by user
Mar 30 15:39:03 debian3 sshd[13718]: pam_unix(sshd:session): session closed for user root
Mar 30 15:41:07 debian3 sshd[13729]: Accepted password for root from 192.168.16.166 port 56960 ssh2
Mar 30 15:41:07 debian3 sshd[13729]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:41:07 debian3 sshd[13729]: Received disconnect from 192.168.16.166: 11: disconnected by user
Mar 30 15:41:07 debian3 sshd[13729]: pam_unix(sshd:session): session closed for user root
Mar 30 15:42:51 debian3 sshd[13748]: Accepted password for root from 192.168.16.166 port 56961 ssh2
Mar 30 15:42:51 debian3 sshd[13748]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 15:42:51 debian3 sshd[13748]: Received disconnect from 192.168.16.166: 11: disconnected by user
Mar 30 15:42:51 debian3 sshd[13748]: pam_unix(sshd:session): session closed for user root
Mar 30 16:17:01 debian3 CRON[13768]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 16:17:01 debian3 CRON[13768]: pam_unix(cron:session): session closed for user root
Mar 30 17:17:01 debian3 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 17:17:01 debian3 CRON[13775]: pam_unix(cron:session): session closed for user root
Mar 30 17:19:12 debian3 sshd[13442]: pam_unix(sshd:session): session closed for user root
Mar 30 18:17:01 debian3 CRON[13785]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 18:17:01 debian3 CRON[13785]: pam_unix(cron:session): session closed for user root
Mar 30 19:17:01 debian3 CRON[13792]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 19:17:01 debian3 CRON[13792]: pam_unix(cron:session): session closed for user root
Mar 30 20:17:01 debian3 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 20:17:01 debian3 CRON[13799]: pam_unix(cron:session): session closed for user root
Mar 30 21:17:01 debian3 CRON[13806]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 21:17:01 debian3 CRON[13806]: pam_unix(cron:session): session closed for user root
Mar 30 22:17:01 debian3 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 22:17:01 debian3 CRON[13813]: pam_unix(cron:session): session closed for user root
Mar 30 23:17:01 debian3 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 23:17:01 debian3 CRON[13820]: pam_unix(cron:session): session closed for user root
Mar 31 00:17:01 debian3 CRON[13827]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 00:17:01 debian3 CRON[13827]: pam_unix(cron:session): session closed for user root
Mar 31 01:17:01 debian3 CRON[13834]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 01:17:01 debian3 CRON[13834]: pam_unix(cron:session): session closed for user root
Mar 31 02:17:01 debian3 CRON[13841]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 02:17:01 debian3 CRON[13841]: pam_unix(cron:session): session closed for user root
Mar 31 03:17:01 debian3 CRON[13848]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 03:17:01 debian3 CRON[13848]: pam_unix(cron:session): session closed for user root
Mar 31 04:17:01 debian3 CRON[13855]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 04:17:01 debian3 CRON[13855]: pam_unix(cron:session): session closed for user root
Mar 31 05:17:01 debian3 CRON[13862]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 05:17:01 debian3 CRON[13862]: pam_unix(cron:session): session closed for user root
Mar 31 06:17:01 debian3 CRON[13869]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 06:17:01 debian3 CRON[13869]: pam_unix(cron:session): session closed for user root
Mar 31 06:25:01 debian3 CRON[13872]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 06:25:02 debian3 su[13944]: Successful su for nobody by root
Mar 31 06:25:02 debian3 su[13944]: + ??? root:nobody
Mar 31 06:25:02 debian3 su[13944]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 31 06:25:02 debian3 su[13944]: pam_unix(su:session): session closed for user nobody
Mar 31 06:25:02 debian3 su[13946]: Successful su for nobody by root
Mar 31 06:25:02 debian3 su[13946]: + ??? root:nobody
Mar 31 06:25:02 debian3 su[13946]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 31 06:25:02 debian3 su[13946]: pam_unix(su:session): session closed for user nobody
Mar 31 06:25:02 debian3 su[13948]: Successful su for nobody by root
Mar 31 06:25:02 debian3 su[13948]: + ??? root:nobody
Mar 31 06:25:02 debian3 su[13948]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 31 06:25:02 debian3 su[13948]: pam_unix(su:session): session closed for user nobody
Mar 31 06:25:03 debian3 CRON[13872]: pam_unix(cron:session): session closed for user root
Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session closed for user root
Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session closed for user root
Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session closed for user root
Mar 31 09:20:04 debian3 sshd[14025]: Accepted password for root from 192.168.16.187 port 49239 ssh2
Mar 31 09:20:04 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 31 09:55:23 debian3 sshd[14222]: Accepted password for ivan from 192.168.16.187 port 49257 ssh2
Mar 31 09:55:23 debian3 sshd[14222]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 31 10:11:01 debian3 passwd[14306]: pam_unix(passwd:chauthtok): authentication failure; logname=ivan uid=1001 euid=0 tty= ruser= rhost= user=ivan
Mar 31 10:17:01 debian3 CRON[14580]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 10:17:01 debian3 CRON[14580]: pam_unix(cron:session): session closed for user root
Mar 31 11:17:01 debian3 CRON[15074]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 11:17:01 debian3 CRON[15074]: pam_unix(cron:session): session closed for user root
Mar 31 11:57:07 debian3 login[15795]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=ivan
Mar 31 11:57:10 debian3 login[15795]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure
Mar 31 11:58:07 debian3 login[15805]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=ivan
Mar 31 11:58:10 debian3 login[15805]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure
Mar 31 11:58:17 debian3 login[15805]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 31 11:58:19 debian3 login[15805]: pam_unix(login:auth): check pass; user unknown
Mar 31 11:58:19 debian3 login[15805]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost=
Mar 31 11:58:22 debian3 login[15805]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module
Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root
Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root
Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105
Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp
Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105
Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false
Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password
Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp
Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information
/var/log/ssh
Mar 31 14:22:55 debian3 user: Error!!!!
1
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 10:17:01 debian3 /USR/SBIN/CRON[14581]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 11:17:01 debian3 /USR/SBIN/CRON[15075]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 12:17:01 debian3 /USR/SBIN/CRON[15975]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 13:17:01 debian3 /USR/SBIN/CRON[16006]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16183]: (CRON) INFO (pidfile fd = 3)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) STARTUP (fork ok)
Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
2
Mar 28 06:25:05 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 29 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 30 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
5
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root
Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root
Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2
Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2
Mar 28 09:17:34 debian3 sshd[7648]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 09:24:45 debian3 sshd[7695]: Accepted password for user from 192.168.16.187 port 49242 ssh2
Mar 28 09:24:45 debian3 sshd[7695]: pam_unix(sshd:session): session opened for user user by (uid=0)
Mar 28 09:27:14 debian3 su[7891]: Successful su for root by user
Mar 28 09:27:14 debian3 su[7891]: + /dev/pts/2 user:root
Mar 28 09:27:14 debian3 su[7891]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:27:28 debian3 su[7891]: pam_unix(su:session): session closed for user root
Mar 28 09:27:40 debian3 su[8227]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=root
Mar 28 09:27:42 debian3 su[8227]: pam_authenticate: Authentication failure
Mar 28 09:27:42 debian3 su[8227]: FAILED su for root by user
Mar 28 09:27:42 debian3 su[8227]: - /dev/pts/2 user:root
Mar 28 09:27:53 debian3 su[8235]: Successful su for root by user
Mar 28 09:27:53 debian3 su[8235]: + /dev/pts/2 user:root
Mar 28 09:27:53 debian3 su[8235]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:27:59 debian3 su[8235]: pam_unix(su:session): session closed for user root
Mar 28 09:33:16 debian3 sudo: user : user NOT in sudoers ; TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/chmod 755 screenrc
Mar 28 09:33:24 debian3 su[8705]: No passwd entry for user '755'
Mar 28 09:33:24 debian3 su[8705]: FAILED su for 755 by user
Mar 28 09:33:24 debian3 su[8705]: - /dev/pts/2 user:755
Mar 28 09:33:45 debian3 su[8713]: Successful su for root by user
Mar 28 09:33:45 debian3 su[8713]: + /dev/pts/2 user:root
Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session closed for user root
Mar 28 09:34:22 debian3 su[8756]: Successful su for root by user
Mar 28 09:34:22 debian3 su[8756]: + /dev/pts/2 user:root
Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session closed for user root
Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session closed for user root
Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session closed for user root
Mar 28 11:28:18 debian3 sshd[7648]: pam_unix(sshd:session): session closed for user root
Mar 28 11:28:26 debian3 sshd[9544]: Accepted password for root from 192.168.16.187 port 49747 ssh2
Mar 28 11:28:26 debian3 sshd[9544]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 11:53:47 debian3 sshd[7695]: pam_unix(sshd:session): session closed for user user
Mar 28 11:53:59 debian3 sshd[9806]: Invalid user acharnosh from 192.168.16.187
Mar 28 11:53:59 debian3 sshd[9806]: input_userauth_request: invalid user acharnosh [preauth]
Mar 28 11:54:03 debian3 sshd[9806]: Received disconnect from 192.168.16.187: 13: Unable to authenticate [preauth]
Mar 28 11:54:31 debian3 sshd[9808]: Connection closed by 192.168.16.187 [preauth]
Mar 28 11:54:40 debian3 sshd[9810]: Accepted password for ivan from 192.168.16.187 port 49768 ssh2
Mar 28 11:54:40 debian3 sshd[9810]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 11:54:49 debian3 sshd[9810]: pam_unix(sshd:session): session closed for user ivan
Mar 28 11:55:19 debian3 sshd[9896]: Accepted password for ivan from 192.168.16.187 port 49769 ssh2
Mar 28 11:55:19 debian3 sshd[9896]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 11:57:32 debian3 sshd[9896]: pam_unix(sshd:session): session closed for user ivan
Mar 28 11:57:45 debian3 sshd[10088]: Connection closed by 192.168.16.187 [preauth]
Mar 28 11:58:46 debian3 sshd[10090]: Accepted password for ivan from 192.168.16.187 port 49773 ssh2
Mar 28 11:58:46 debian3 sshd[10090]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 12:01:49 debian3 sshd[10090]: pam_unix(sshd:session): session closed for user ivan
Mar 28 12:02:11 debian3 sshd[10215]: Accepted password for ivan from 192.168.16.187 port 49774 ssh2
Mar 28 12:02:11 debian3 sshd[10215]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 12:16:20 debian3 sshd[10349]: Accepted password for root from 192.168.16.187 port 49785 ssh2
Mar 28 12:16:20 debian3 sshd[10349]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session closed for user root
Mar 28 13:17:01 debian3 CRON[10953]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 13:17:01 debian3 CRON[10953]: pam_unix(cron:session): session closed for user root
Mar 28 13:38:46 debian3 sshd[11037]: Connection closed by 192.168.16.187 [preauth]
Mar 28 13:39:46 debian3 sshd[11039]: Accepted password for petr from 192.168.16.187 port 49812 ssh2
Mar 28 13:39:46 debian3 sshd[11039]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 28 13:40:17 debian3 sshd[9544]: pam_unix(sshd:session): session closed for user root
Mar 28 13:53:26 debian3 sshd[11039]: pam_unix(sshd:session): session closed for user petr
Mar 28 14:00:09 debian3 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr
Mar 28 14:00:10 debian3 sshd[11820]: Failed password for petr from 192.168.16.187 port 49885 ssh2
Mar 28 14:00:14 debian3 sshd[11820]: Accepted password for petr from 192.168.16.187 port 49885 ssh2
Mar 28 14:00:14 debian3 sshd[11820]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session closed for user root
Mar 28 14:24:00 debian3 sshd[11820]: pam_unix(sshd:session): session closed for user petr
Mar 28 14:25:48 debian3 sshd[10215]: pam_unix(sshd:session): session closed for user ivan
Mar 28 14:26:09 debian3 sshd[11968]: Accepted password for user from 192.168.16.187 port 49901 ssh2
Mar 28 14:26:09 debian3 sshd[11968]: pam_unix(sshd:session): session opened for user user by (uid=0)
Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session closed for user root
Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session closed for user root
Mar 28 17:06:48 debian3 sshd[14025]: Accepted password for ivan from 192.168.16.187 port 50084 ssh2
Mar 28 17:06:48 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 28 17:06:57 debian3 sshd[14025]: pam_unix(sshd:session): session closed for user ivan
Mar 28 17:12:53 debian3 sshd[10349]: pam_unix(sshd:session): session closed for user root
Mar 28 17:13:03 debian3 sshd[11968]: pam_unix(sshd:session): session closed for user user
Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session closed for user root
Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session closed for user root
Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session closed for user root
Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session closed for user root
Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session closed for user root
Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session closed for user root
Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session closed for user root
Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session closed for user root
Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session closed for user root
Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session closed for user root
Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session closed for user root
Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session closed for user root
Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session closed for user root
Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session closed for user root
Mar 29 06:25:01 debian3 CRON[14242]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 06:25:02 debian3 su[14341]: Successful su for nobody by root
Mar 29 06:25:02 debian3 su[14341]: + ??? root:nobody
Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session closed for user nobody
Mar 29 06:25:02 debian3 su[14343]: Successful su for nobody by root
Mar 29 06:25:02 debian3 su[14343]: + ??? root:nobody
Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session closed for user nobody
Mar 29 06:25:02 debian3 su[14345]: Successful su for nobody by root
Mar 29 06:25:02 debian3 su[14345]: + ??? root:nobody
Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session closed for user nobody
Mar 29 06:25:03 debian3 CRON[14242]: pam_unix(cron:session): session closed for user root
Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session closed for user root
Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session closed for user root
Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session closed for user root
Mar 29 09:41:48 debian3 sshd[14417]: Accepted password for root from 192.168.16.187 port 49228 ssh2
Mar 29 09:41:48 debian3 sshd[14417]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session closed for user root
Mar 29 10:54:13 debian3 login[15706]: pam_unix(login:session): session opened for user user by (uid=0)
Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session closed for user root
Mar 29 11:54:12 debian3 sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=user
Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): conversation failed
Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): auth could not identify password for [user]
Mar 29 11:54:31 debian3 sudo: user : 2 incorrect password attempts ; TTY=pts/2 ; PWD=/etc/cron.daily ; USER=root ; COMMAND=/usr/bin/updatedb
Mar 29 11:57:39 debian3 su[17590]: Successful su for root by user
Mar 29 11:57:39 debian3 su[17590]: + /dev/pts/2 user:root
Mar 29 11:57:39 debian3 su[17590]: pam_unix(su:session): session opened for user root by (uid=1000)
Mar 29 11:57:44 debian3 su[17590]: pam_unix(su:session): session closed for user root
Mar 29 11:59:58 debian3 login[15706]: pam_unix(login:session): session closed for user user
Mar 29 12:03:04 debian3 sshd[17862]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2
Mar 29 12:03:04 debian3 sshd[17862]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 29 12:06:00 debian3 sshd[17862]: pam_unix(sshd:session): session closed for user ivan
Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session closed for user root
Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session closed for user root
Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session closed for user root
Mar 29 14:33:23 debian3 useradd[20008]: new group: name=anna, GID=1003
Mar 29 14:33:23 debian3 useradd[20008]: new user: name=anna, UID=1003, GID=1003, home=/home/anna, shell=/bin/sh
Mar 29 14:37:28 debian3 usermod[20066]: change user 'user' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:37:28 debian3 usermod[20071]: change user 'ivan' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:37:28 debian3 usermod[20076]: change user 'petr' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:20 debian3 usermod[20118]: change user 'user' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:20 debian3 usermod[20123]: change user 'ivan' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:20 debian3 usermod[20128]: change user 'petr' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:20 debian3 usermod[20133]: change user 'anna' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:41:41 debian3 usermod[20142]: change user 'user' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:41 debian3 usermod[20147]: change user 'ivan' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:41 debian3 usermod[20152]: change user 'petr' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:41:41 debian3 usermod[20157]: change user 'anna' shell from '/bin/bash' to '/bin/sh'
Mar 29 14:45:05 debian3 usermod[20166]: change user 'user' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:45:05 debian3 usermod[20171]: change user 'ivan' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:45:05 debian3 usermod[20176]: change user 'petr' shell from '/bin/sh' to '/bin/bash'
Mar 29 14:45:05 debian3 usermod[20181]: change user 'anna' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:00:59 debian3 usermod[20477]: change user 'user' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:00:59 debian3 usermod[20482]: change user 'ivan' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:00:59 debian3 usermod[20487]: change user 'petr' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:00:59 debian3 usermod[20492]: change user 'anna' shell from '/bin/bash' to '/bin/sh'
Mar 29 15:01:02 debian3 usermod[20508]: change user 'user' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:01:02 debian3 usermod[20513]: change user 'ivan' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:01:02 debian3 usermod[20518]: change user 'petr' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:01:02 debian3 usermod[20523]: change user 'anna' shell from '/bin/sh' to '/bin/bash'
Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session closed for user root
Mar 29 15:48:46 debian3 sshd[24308]: Accepted password for ivan from 192.168.16.187 port 49738 ssh2
Mar 29 15:48:46 debian3 sshd[24308]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session closed for user root
Mar 29 16:20:37 debian3 su[8879]: Successful su for ivan by root
Mar 29 16:20:37 debian3 su[8879]: + /dev/pts/0 root:ivan
Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session opened for user ivan by root(uid=0)
Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session closed for user ivan
Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session closed for user root
Mar 29 17:25:12 debian3 su[9088]: No passwd entry for user 'matrix.jpg'
Mar 29 17:25:12 debian3 su[9088]: FAILED su for matrix.jpg by ivan
Mar 29 17:25:12 debian3 su[9088]: - /dev/pts/1 ivan:matrix.jpg
Mar 29 17:25:26 debian3 su[9089]: Successful su for root by ivan
Mar 29 17:25:26 debian3 su[9089]: + /dev/pts/1 ivan:root
Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session opened for user root by ivan(uid=1001)
Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session closed for user root
Mar 29 17:31:46 debian3 sshd[24308]: pam_unix(sshd:session): session closed for user ivan
Mar 29 17:31:47 debian3 sshd[14417]: pam_unix(sshd:session): session closed for user root
Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session closed for user root
Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session closed for user root
Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session closed for user root
Mar 29 21:17:01 debian3 CRON[9145]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 21:17:01 debian3 CRON[9145]: pam_unix(cron:session): session closed for user root
Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session closed for user root
Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session closed for user root
Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session closed for user root
Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session closed for user root
Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session closed for user root
Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session closed for user root
Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session closed for user root
Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session closed for user root
Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session closed for user root
Mar 30 06:25:01 debian3 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 06:25:02 debian3 su[9284]: Successful su for nobody by root
Mar 30 06:25:02 debian3 su[9284]: + ??? root:nobody
Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session closed for user nobody
Mar 30 06:25:02 debian3 su[9286]: Successful su for nobody by root
Mar 30 06:25:02 debian3 su[9286]: + ??? root:nobody
Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session closed for user nobody
Mar 30 06:25:02 debian3 su[9288]: Successful su for nobody by root
Mar 30 06:25:02 debian3 su[9288]: + ??? root:nobody
Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session opened for user nobody by (uid=0)
Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session closed for user nobody
Mar 30 06:25:03 debian3 CRON[9212]: pam_unix(cron:session): session closed for user root
Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session closed for user root
Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session closed for user root
Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session closed for user root
Mar 30 09:38:59 debian3 sshd[9367]: Accepted password for root from 192.168.16.187 port 49218 ssh2
Mar 30 09:38:59 debian3 sshd[9367]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 09:45:32 debian3 sshd[9423]: Accepted password for ivan from 192.168.16.187 port 49228 ssh2
Mar 30 09:45:32 debian3 sshd[9423]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 09:55:45 debian3 chfn[9628]: changed user 'ivan' information
Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session closed for user root
Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/group: name=developers, GID=1004
Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/gshadow: name=developers
Mar 30 10:31:06 debian3 groupadd[9863]: new group: name=developers, GID=1004
Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to group 'developers'
Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to shadow group 'developers'
Mar 30 10:37:09 debian3 gpasswd[9960]: user petr added by root to group developers
Mar 30 10:40:06 debian3 gpasswd[10011]: administrators of group developers set by root to anna
Mar 30 10:45:09 debian3 passwd[10097]: password for 'ivan' changed by 'root'
Mar 30 10:45:15 debian3 passwd[10116]: password for 'ivan' changed by 'root'
Mar 30 10:45:43 debian3 passwd[10142]: password for 'ivan' changed by 'root'
Mar 30 10:45:46 debian3 passwd[10154]: password for 'ivan' changed by 'root'
Mar 30 10:46:58 debian3 passwd[10166]: password for 'ivan' changed by 'root'
Mar 30 10:47:10 debian3 passwd[10185]: password for 'ivan' changed by 'root'
Mar 30 11:05:04 debian3 sshd[10324]: Accepted password for ivan from 127.0.0.1 port 44192 ssh2
Mar 30 11:05:04 debian3 sshd[10324]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 11:05:55 debian3 sshd[10326]: Received disconnect from 127.0.0.1: 11: disconnected by user
Mar 30 11:05:55 debian3 sshd[10324]: pam_unix(sshd:session): session closed for user ivan
Mar 30 11:06:16 debian3 sshd[10646]: Accepted password for ivan from 127.0.0.1 port 44194 ssh2
Mar 30 11:06:16 debian3 sshd[10646]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 11:06:55 debian3 sshd[10648]: Received disconnect from 127.0.0.1: 11: disconnected by user
Mar 30 11:06:55 debian3 sshd[10646]: pam_unix(sshd:session): session closed for user ivan
Mar 30 11:10:18 debian3 sshd[11024]: Accepted password for petr from 192.168.16.187 port 49352 ssh2
Mar 30 11:10:18 debian3 sshd[11024]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 30 11:10:54 debian3 sshd[11024]: pam_unix(sshd:session): session closed for user petr
Mar 30 11:12:35 debian3 sshd[11109]: User petr not allowed because shell /usr/bin/tmux -l /bin/bash does not exist
Mar 30 11:12:35 debian3 sshd[11109]: input_userauth_request: invalid user petr [preauth]
Mar 30 11:12:37 debian3 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr
Mar 30 11:12:40 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2
Mar 30 11:12:46 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2
Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session closed for user root
Mar 30 11:35:15 debian3 su[11519]: No passwd entry for user 'd1/temp.txt'
Mar 30 11:35:15 debian3 su[11519]: FAILED su for d1/temp.txt by ivan
Mar 30 11:35:15 debian3 su[11519]: - /dev/pts/1 ivan:d1/temp.txt
Mar 30 11:35:22 debian3 su[11520]: Successful su for root by ivan
Mar 30 11:35:22 debian3 su[11520]: + /dev/pts/1 ivan:root
Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session opened for user root by ivan(uid=1001)
Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session closed for user root
Mar 30 12:13:55 debian3 sshd[9423]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:14:03 debian3 sshd[11771]: Accepted password for ivan from 192.168.16.187 port 49379 ssh2
Mar 30 12:14:03 debian3 sshd[11771]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:17:01 debian3 CRON[11864]: pam_unix(cron:session): session opened for user root by (uid=0)
Mar 30 12:17:01 debian3 CRON[11864]: pam_unix(cron:session): session closed for user root
Mar 30 12:20:26 debian3 sshd[9367]: pam_unix(sshd:session): session closed for user root
Mar 30 12:20:33 debian3 sshd[11888]: Accepted password for root from 192.168.16.187 port 49383 ssh2
Mar 30 12:20:33 debian3 sshd[11888]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:27:04 debian3 sshd[11888]: pam_unix(sshd:session): session closed for user root
Mar 30 12:27:11 debian3 sshd[12153]: Accepted password for root from 192.168.16.187 port 49385 ssh2
Mar 30 12:27:11 debian3 sshd[12153]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:27:40 debian3 sshd[12269]: Accepted password for petr from 192.168.16.187 port 49386 ssh2
Mar 30 12:27:40 debian3 sshd[12269]: pam_unix(sshd:session): session opened for user petr by (uid=0)
Mar 30 12:27:44 debian3 sshd[12269]: pam_unix(sshd:session): session closed for user petr
Mar 30 12:27:51 debian3 sshd[12278]: Accepted password for ivan from 192.168.16.187 port 49387 ssh2
Mar 30 12:27:51 debian3 sshd[12278]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:28:29 debian3 sshd[12278]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:28:35 debian3 sshd[12371]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2
Mar 30 12:28:35 debian3 sshd[12371]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:28:43 debian3 sshd[12371]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:29:05 debian3 sshd[12457]: Accepted password for ivan from 192.168.16.187 port 49389 ssh2
Mar 30 12:29:05 debian3 sshd[12457]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:30:39 debian3 sshd[12457]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:30:46 debian3 sshd[12553]: Accepted password for ivan from 192.168.16.187 port 49391 ssh2
Mar 30 12:30:46 debian3 sshd[12553]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:32:37 debian3 sshd[12553]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:32:43 debian3 sshd[12670]: Failed password for ivan from 192.168.16.187 port 49392 ssh2
Mar 30 12:32:43 debian3 sshd[12670]: fatal: Access denied for user ivan by PAM account configuration [preauth]
Mar 30 12:33:27 debian3 sshd[12680]: Accepted password for ivan from 192.168.16.187 port 49393 ssh2
Mar 30 12:33:27 debian3 sshd[12680]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
Mar 30 12:33:45 debian3 sudo: ivan : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/ivan ; USER=root ; COMMAND=/bin/login ivan
Mar 30 12:33:52 debian3 sshd[12680]: pam_unix(sshd:session): session closed for user ivan
Mar 30 12:33:58 debian3 sshd[12784]: Accepted password for root from 192.168.16.187 port 49394 ssh2
Mar 30 12:33:58 debian3 sshd[12784]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:34:04 debian3 login[12831]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure
Mar 30 12:34:15 debian3 login[12831]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'petr', Authentication failure
Mar 30 12:34:17 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:34:19 debian3 login[12831]: FAILED LOGIN (3) on '/dev/pts/5' FOR 'root', Authentication failure
Mar 30 12:34:23 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:34:27 debian3 login[12831]: FAILED LOGIN (4) on '/dev/pts/5' FOR 'root', Authentication failure
Mar 30 12:34:32 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:34:34 debian3 login[12831]: FAILED LOGIN (5) on '/dev/pts/5' FOR 'root', Authentication failure
Mar 30 12:34:34 debian3 login[12831]: TOO MANY LOGIN TRIES (5) on '/dev/pts/5' FOR 'root'
Mar 30 12:34:34 debian3 login[12831]: pam_mail(login:session): pam_putenv: delete non-existent entry; MAIL
Mar 30 12:34:34 debian3 login[12831]: pam_unix(login:session): session closed for user root
Mar 30 12:35:02 debian3 sshd[12848]: Accepted password for root from 192.168.16.187 port 49396 ssh2
Mar 30 12:35:02 debian3 sshd[12848]: pam_unix(sshd:session): session opened for user root by (uid=0)
Mar 30 12:35:07 debian3 sshd[12848]: pam_unix(sshd:session): session closed for user root
Mar 30 12:36:14 debian3 login[12911]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'user', Authentication failure
Mar 30 12:36:16 debian3 login[12911]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure !
Mar 30 12:36:19 debian3 login[12911]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module
Mar 30 12:36:36 debian3 sshd[12784]: pam_unix(sshd:session): session closed for user root
Mar 30 12:36:44 debian3 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=user
Mar 30 12:36:46 debian3 sshd[12920]: Failed password for user from 192.168.16.187 port 49398 ssh2
Mar 30