Colleagues, here is a subject where I have little experience; I am sharing it with you to confirm my suspicion. Below is the log from my proxy server.

LOG messages

Dec 6 02:01:01 ns1inter crond(pam_unix)[23715]: session opened for user root by (uid=0)
Dec 6 02:01:01 ns1inter crond(pam_unix)[23715]: session closed for user root
Dec 6 02:02:21 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 216.109.116.20#53
Dec 6 02:02:21 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 216.109.116.20#53
Dec 6 02:02:21 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 66.218.71.205#53
Dec 6 02:02:21 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 66.218.71.205#53
Dec 6 02:02:31 ns1inter named[1754]: lame server resolving 'eowyn.dns4you.us' (in 'dns4you.us'?): 209.124.85.23#53
Dec 6 02:02:31 ns1inter named[1754]: lame server resolving 'eowyn.dns4you.us' (in 'dns4you.us'?): 209.124.85.23#53
Dec 6 02:02:31 ns1inter named[1754]: lame server resolving 'eowyn.dns4you.us' (in 'dns4you.us'?): 209.124.85.24#53
Dec 6 02:02:31 ns1inter named[1754]: lame server resolving 'eowyn.dns4you.us' (in 'dns4you.us'?): 209.124.85.24#53
Dec 6 02:13:32 ns1inter named[1754]: lame server resolving 'nutrisul.com' (in 'nutrisul.com'?): 200.177.96.11#53
Dec 6 02:13:32 ns1inter named[1754]: lame server resolving 'nutrisul.com' (in 'nutrisul.com'?): 200.177.96.11#53
Dec 6 02:13:32 ns1inter named[1754]: lame server resolving 'nutrisul.com' (in 'nutrisul.com'?): 200.176.128.153#53
Dec 6 02:13:32 ns1inter named[1754]: lame server resolving 'nutrisul.com' (in 'nutrisul.com'?): 200.176.128.153#53
Dec 6 02:15:20 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 216.109.116.20#53
Dec 6 02:15:20 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 216.109.116.20#53
Dec 6 02:15:21 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 66.218.71.205#53
Dec 6 02:15:21 ns1inter named[1754]: lame server resolving 'click21.com' (in 'click21.com'?): 66.218.71.205#53
Dec 6 02:35:41 ns1inter sshd(pam_unix)[23717]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.34.193.58 user=root
Dec 6 02:35:55 ns1inter sshd(pam_unix)[23719]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.34.193.58 user=root
Dec 6 02:36:06 ns1inter named[1754]: client 192.168.200.2#1024: no more recursive clients: quota reached
Dec 6 02:36:06 ns1inter named[1754]: client 192.168.200.2#1024: no more recursive clients: quota reached
Dec 6 02:36:06 ns1inter sshd(pam_unix)[23721]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.34.193.58 user=root
Dec 6 02:36:06 ns1inter named[1754]: client 192.168.200.2#1024: no more recursive clients: quota reached
Dec 6 02:36:06 ns1inter last message repeated 19 times
Dec 6 02:36:20 ns1inter sshd(pam_unix)[23723]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.34.193.58 user=root
Dec 6 02:36:34 ns1inter sshd(pam_unix)[23725]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.34.193.58 user=root
Dec 6 02:36:45 ns1inter sshd(pam_unix)[23727]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=64.34.193.58 user=root
Dec 6 02:36:47 ns1inter named[1754]: client 192.168.200.2#1024: no more recursive clients: quota reached
Dec 6 02:36:48 ns1inter last message repeated 170 times
Dec 6 02:36:49 ns1inter sshd(pam_unix)[23729]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=valerus-inc.net user=root
Dec 6 02:36:55 ns1inter sshd(pam_unix)[23731]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=valerus-inc.net user=root

LOG Security

Dec 6 02:35:43 ns1inter sshd[23717]: Failed password for root from ::ffff:64.34.193.58 port 53590 ssh2
Dec 6 02:35:57 ns1inter sshd[23719]: Failed password for root from ::ffff:64.34.193.58 port 53848 ssh2
Dec 6 02:36:08 ns1inter sshd[23721]: Failed password for root from ::ffff:64.34.193.58 port 54053 ssh2
Dec 6 02:36:20 ns1inter sshd[23723]: reverse mapping checking getaddrinfo for valerus-inc.net failed - POSSIBLE BREAKIN ATTEMPT!
Dec 6 02:36:22 ns1inter sshd[23723]: Failed password for root from ::ffff:64.34.193.58 port 54234 ssh2
Dec 6 02:36:34 ns1inter sshd[23725]: reverse mapping checking getaddrinfo for valerus-inc.net failed - POSSIBLE BREAKIN ATTEMPT!
Dec 6 02:36:37 ns1inter sshd[23725]: Failed password for root from ::ffff:64.34.193.58 port 54463 ssh2
Dec 6 02:36:45 ns1inter sshd[23727]: reverse mapping checking getaddrinfo for valerus-inc.net failed - POSSIBLE BREAKIN ATTEMPT!
Dec 6 02:36:47 ns1inter sshd[23727]: Failed password for root from ::ffff:64.34.193.58 port 54671 ssh2
Dec 6 02:36:52 ns1inter sshd[23729]: Failed password for root from ::ffff:64.34.193.58 port 54862 ssh2
Dec 6 02:36:57 ns1inter sshd[23731]: Failed password for root from ::ffff:64.34.193.58 port 54941 ssh2
Dec 6 02:58:30 ns1inter sshd[23733]: Did not receive identification string from ::ffff:211.95.64.90
Dec 6 03:04:57 ns1inter sshd[23736]: Invalid user at from ::ffff:211.95.64.90
Dec 6 03:05:09 ns1inter sshd[23736]: Failed password for invalid user at from ::ffff:211.95.64.90 port 49787 ssh2
Dec 6 03:16:21 ns1inter sshd[23738]: Accepted password for root from ::ffff:192.168.200.55 port 1131 ssh2
Dec 6 03:16:21 ns1inter sshd[23740]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Dec 6 03:16:21 ns1inter sshd[23740]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Dec 6 03:16:21 ns1inter sshd[23740]: lastlog_perform_login: Couldn't stat /var/log/lastlog: No such file or directory
Dec 6 03:16:21 ns1inter sshd[23740]: lastlog_openseek: /var/log/lastlog is not a file or directory!
Dec 6 03:28:50 ns1inter sshd[23782]: Did not receive identification string from ::ffff:200.241.247.1
Dec 6 03:35:10 ns1inter sshd[23783]: Invalid user servidor from ::ffff:200.241.247.1
Dec 6 03:35:22 ns1inter sshd[23783]: Failed password for invalid user servidor from ::ffff:200.241.247.1 port 60797 ssh2

I appreciate any help, and I would also like a tip on where I can take a training course on LINUX security, since what is available here in Cuiabá is very weak. What I know, I learned by studying on my own.

Use and abuse your FREEDOM - Use LINUX
__________________
Eduardo Alvarenga
Cuiabá/MT
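
One way to triage the sshd entries in the log above, as an added example that is not part of the original message: it groups password events by source address and labels each source. The function names, the threshold of 3 and the verdict labels are assumptions; the sample lines are copied from the "LOG Security" excerpt in the post.

```python
import re
from collections import defaultdict

# Added example (not from the post). Sample lines copied from "LOG Security".
SAMPLE = """\
Dec 6 02:35:43 ns1inter sshd[23717]: Failed password for root from ::ffff:64.34.193.58 port 53590 ssh2
Dec 6 02:36:20 ns1inter sshd[23723]: reverse mapping checking getaddrinfo for valerus-inc.net failed - POSSIBLE BREAKIN ATTEMPT!
Dec 6 02:36:22 ns1inter sshd[23723]: Failed password for root from ::ffff:64.34.193.58 port 54234 ssh2
Dec 6 02:36:37 ns1inter sshd[23725]: Failed password for root from ::ffff:64.34.193.58 port 54463 ssh2
Dec 6 03:04:57 ns1inter sshd[23736]: Invalid user at from ::ffff:211.95.64.90
Dec 6 03:05:09 ns1inter sshd[23736]: Failed password for invalid user at from ::ffff:211.95.64.90 port 49787 ssh2
Dec 6 03:16:21 ns1inter sshd[23738]: Accepted password for root from ::ffff:192.168.200.55 port 1131 ssh2
Dec 6 03:35:22 ns1inter sshd[23783]: Failed password for invalid user servidor from ::ffff:200.241.247.1 port 60797 ssh2
"""

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?:::ffff:)?(?P<src>\S+) port \d+"
)

def summarize(log_text):
    """Group sshd password events by source address (IPv4-mapped prefix stripped)."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": 0, "invalid": 0, "users": set()})
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # named, crond, reverse-mapping and lastlog lines are skipped
        s = stats[m["src"]]
        s["failed" if m["result"] == "Failed" else "accepted"] += 1
        s["invalid"] += bool(m["invalid"])  # attempts against accounts that do not exist
        s["users"].add(m["user"])
    return dict(stats)

def triage(stats, threshold=3):
    """Label each source; a success mixed with failures is the case to review first."""
    verdicts = {}
    for src, s in stats.items():
        if s["accepted"] and s["failed"]:
            verdicts[src] = "REVIEW: login succeeded after failures"
        elif s["failed"] >= threshold:
            verdicts[src] = "password guessing"
        elif s["failed"]:
            verdicts[src] = "probe"
        else:
            verdicts[src] = "login only"
    return verdicts

if __name__ == "__main__":
    print(triage(summarize(SAMPLE)))
```
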
