strange logs ....

Discussions about the METERN energy monitoring software
fabioe
Posts: 29
Joined: 22/01/2016, 21:03

strange logs ....

Post by fabioe » 15/05/2019, 13:35

In var/log I find the file auth.log, which has recorded attempted logins as user root and as other users that in any case are not enabled on the raspy.
They come from IPs that I don't know and that change after the failed login, on all sorts of port numbers.
Below is an excerpt of the file:


May 15 00:35:45 raspberrypi sshd[32471]: Invalid user marcus from 122.2.165.134 port 41867
May 15 00:35:45 raspberrypi sshd[32471]: input_userauth_request: invalid user marcus [preauth]
May 15 00:35:45 raspberrypi sshd[32279]: Failed password for invalid user filiz from 122.2.165.134 port 39656 ssh2
May 15 00:35:46 raspberrypi sshd[32480]: Invalid user xerox from 122.2.165.134 port 41946
May 15 00:35:46 raspberrypi sshd[32471]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32471]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32480]: input_userauth_request: invalid user xerox [preauth]
May 15 00:35:46 raspberrypi sshd[32480]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32480]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32289]: Failed password for invalid user scottk from 122.2.165.134 port 39814 ssh2
May 15 00:35:46 raspberrypi sshd[32484]: Invalid user michal from 122.2.165.134 port 42025
May 15 00:35:46 raspberrypi sshd[32484]: input_userauth_request: invalid user michal [preauth]
May 15 00:35:46 raspberrypi sshd[32279]: Received disconnect from 122.2.165.134 port 39656:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32279]: Disconnected from 122.2.165.134 port 39656 [preauth]
May 15 00:35:46 raspberrypi sshd[32320]: Failed password for invalid user diane from 122.2.165.134 port 40051 ssh2
May 15 00:35:46 raspberrypi sshd[32484]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32484]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32303]: Failed password for invalid user tim from 122.2.165.134 port 39893 ssh2
May 15 00:35:46 raspberrypi sshd[32289]: Received disconnect from 122.2.165.134 port 39814:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32289]: Disconnected from 122.2.165.134 port 39814 [preauth]
May 15 00:35:46 raspberrypi sshd[32312]: Failed password for invalid user tim from 122.2.165.134 port 39972 ssh2
May 15 00:35:46 raspberrypi sshd[32502]: Invalid user general from 122.2.165.134 port 42183
May 15 00:35:46 raspberrypi sshd[32502]: input_userauth_request: invalid user general [preauth]
May 15 00:35:46 raspberrypi sshd[32323]: Failed password for invalid user diane from 122.2.165.134 port 40130 ssh2
May 15 00:35:46 raspberrypi sshd[32320]: Received disconnect from 122.2.165.134 port 40051:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32320]: Disconnected from 122.2.165.134 port 40051 [preauth]
May 15 00:35:46 raspberrypi sshd[32515]: Invalid user manuela from 122.2.165.134 port 42341
May 15 00:35:46 raspberrypi sshd[32502]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32502]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32303]: Received disconnect from 122.2.165.134 port 39893:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32303]: Disconnected from 122.2.165.134 port 39893 [preauth]
May 15 00:35:46 raspberrypi sshd[32515]: input_userauth_request: invalid user manuela [preauth]
May 15 00:35:46 raspberrypi sshd[32331]: Failed password for invalid user luke from 122.2.165.134 port 40288 ssh2
May 15 00:35:46 raspberrypi sshd[32312]: Received disconnect from 122.2.165.134 port 39972:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32312]: Disconnected from 122.2.165.134 port 39972 [preauth]
May 15 00:35:46 raspberrypi sshd[32515]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32515]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32323]: Received disconnect from 122.2.165.134 port 40130:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32323]: Disconnected from 122.2.165.134 port 40130 [preauth]
May 15 00:35:46 raspberrypi sshd[32337]: Failed password for invalid user simon from 122.2.165.134 port 40446 ssh2
May 15 00:35:46 raspberrypi sshd[32348]: Failed password for invalid user ray from 122.2.165.134 port 40525 ssh2
May 15 00:35:46 raspberrypi sshd[32331]: Received disconnect from 122.2.165.134 port 40288:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32331]: Disconnected from 122.2.165.134 port 40288 [preauth]
May 15 00:35:46 raspberrypi sshd[32334]: Failed password for invalid user ray from 122.2.165.134 port 40367 ssh2
May 15 00:35:46 raspberrypi sshd[32540]: Invalid user jm from 122.2.165.134 port 42657
May 15 00:35:46 raspberrypi sshd[32363]: Failed password for invalid user james from 122.2.165.134 port 40683 ssh2
May 15 00:35:46 raspberrypi sshd[32540]: input_userauth_request: invalid user jm [preauth]
May 15 00:35:46 raspberrypi sshd[32540]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32540]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32337]: Received disconnect from 122.2.165.134 port 40446:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32337]: Disconnected from 122.2.165.134 port 40446 [preauth]
May 15 00:35:46 raspberrypi sshd[32348]: Received disconnect from 122.2.165.134 port 40525:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32348]: Disconnected from 122.2.165.134 port 40525 [preauth]
May 15 00:35:46 raspberrypi sshd[32545]: Invalid user gus from 122.2.165.134 port 42736
May 15 00:35:46 raspberrypi sshd[32334]: Received disconnect from 122.2.165.134 port 40367:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32334]: Disconnected from 122.2.165.134 port 40367 [preauth]
May 15 00:35:46 raspberrypi sshd[32545]: input_userauth_request: invalid user gus [preauth]
May 15 00:35:46 raspberrypi sshd[32545]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:46 raspberrypi sshd[32545]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:46 raspberrypi sshd[32363]: Received disconnect from 122.2.165.134 port 40683:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:46 raspberrypi sshd[32363]: Disconnected from 122.2.165.134 port 40683 [preauth]
May 15 00:35:47 raspberrypi sshd[32560]: Invalid user ghost from 122.2.165.134 port 42894
May 15 00:35:47 raspberrypi sshd[32560]: input_userauth_request: invalid user ghost [preauth]
May 15 00:35:47 raspberrypi sshd[32560]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32560]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32397]: Failed password for invalid user amy from 122.2.165.134 port 41236 ssh2
May 15 00:35:47 raspberrypi sshd[32574]: Invalid user commun from 122.2.165.134 port 42973
May 15 00:35:47 raspberrypi sshd[32578]: Invalid user skaner from 122.2.165.134 port 43052
May 15 00:35:47 raspberrypi sshd[32580]: Invalid user explorer from 122.2.165.134 port 43131
May 15 00:35:47 raspberrypi sshd[32578]: input_userauth_request: invalid user skaner [preauth]
May 15 00:35:47 raspberrypi sshd[32574]: input_userauth_request: invalid user commun [preauth]
May 15 00:35:47 raspberrypi sshd[32580]: input_userauth_request: invalid user explorer [preauth]
May 15 00:35:47 raspberrypi sshd[32578]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32578]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32574]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32574]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32397]: Received disconnect from 122.2.165.134 port 41236:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:47 raspberrypi sshd[32397]: Disconnected from 122.2.165.134 port 41236 [preauth]
May 15 00:35:47 raspberrypi sshd[32399]: Failed password for invalid user visitor from 122.2.165.134 port 41315 ssh2
May 15 00:35:47 raspberrypi sshd[32410]: Failed password for invalid user visitor from 122.2.165.134 port 41394 ssh2
May 15 00:35:47 raspberrypi sshd[32580]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32580]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32419]: Failed password for invalid user support from 122.2.165.134 port 41473 ssh2
May 15 00:35:47 raspberrypi sshd[32614]: Invalid user leonardo from 122.2.165.134 port 43447
May 15 00:35:47 raspberrypi sshd[32437]: Failed password for invalid user bill from 122.2.165.134 port 41631 ssh2
May 15 00:35:47 raspberrypi sshd[32614]: input_userauth_request: invalid user leonardo [preauth]
May 15 00:35:47 raspberrypi sshd[32399]: Received disconnect from 122.2.165.134 port 41315:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:47 raspberrypi sshd[32399]: Disconnected from 122.2.165.134 port 41315 [preauth]
May 15 00:35:47 raspberrypi sshd[32410]: Received disconnect from 122.2.165.134 port 41394:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:47 raspberrypi sshd[32410]: Disconnected from 122.2.165.134 port 41394 [preauth]
May 15 00:35:47 raspberrypi sshd[32614]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32614]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32625]: Invalid user cclien from 122.2.165.134 port 43526
May 15 00:35:47 raspberrypi sshd[32419]: Received disconnect from 122.2.165.134 port 41473:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:47 raspberrypi sshd[32419]: Disconnected from 122.2.165.134 port 41473 [preauth]
May 15 00:35:47 raspberrypi sshd[32625]: input_userauth_request: invalid user cclien [preauth]
May 15 00:35:47 raspberrypi sshd[32625]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32625]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32437]: Received disconnect from 122.2.165.134 port 41631:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:47 raspberrypi sshd[32437]: Disconnected from 122.2.165.134 port 41631 [preauth]
May 15 00:35:47 raspberrypi sshd[32638]: Invalid user cclien from 122.2.165.134 port 43605
May 15 00:35:47 raspberrypi sshd[32638]: input_userauth_request: invalid user cclien [preauth]
May 15 00:35:47 raspberrypi sshd[32638]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32638]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:47 raspberrypi sshd[32651]: Invalid user mate from 122.2.165.134 port 43763
May 15 00:35:47 raspberrypi sshd[32651]: input_userauth_request: invalid user mate [preauth]
May 15 00:35:47 raspberrypi sshd[32651]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:47 raspberrypi sshd[32651]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32662]: Invalid user magnus from 122.2.165.134 port 43921
May 15 00:35:48 raspberrypi sshd[32662]: input_userauth_request: invalid user magnus [preauth]
May 15 00:35:48 raspberrypi sshd[32662]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32662]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32471]: Failed password for invalid user marcus from 122.2.165.134 port 41867 ssh2
May 15 00:35:48 raspberrypi sshd[32480]: Failed password for invalid user xerox from 122.2.165.134 port 41946 ssh2
May 15 00:35:48 raspberrypi sshd[32665]: Invalid user solid from 122.2.165.134 port 44000
May 15 00:35:48 raspberrypi sshd[32665]: input_userauth_request: invalid user solid [preauth]
May 15 00:35:48 raspberrypi sshd[32665]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32665]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32672]: Invalid user mp3 from 122.2.165.134 port 44079
May 15 00:35:48 raspberrypi sshd[32672]: input_userauth_request: invalid user mp3 [preauth]
May 15 00:35:48 raspberrypi sshd[32672]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32676]: Invalid user mp3 from 122.2.165.134 port 44158
May 15 00:35:48 raspberrypi sshd[32484]: Failed password for invalid user michal from 122.2.165.134 port 42025 ssh2
May 15 00:35:48 raspberrypi sshd[32676]: input_userauth_request: invalid user mp3 [preauth]
May 15 00:35:48 raspberrypi sshd[32676]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32471]: Received disconnect from 122.2.165.134 port 41867:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:48 raspberrypi sshd[32471]: Disconnected from 122.2.165.134 port 41867 [preauth]
May 15 00:35:48 raspberrypi sshd[32480]: Received disconnect from 122.2.165.134 port 41946:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:48 raspberrypi sshd[32480]: Disconnected from 122.2.165.134 port 41946 [preauth]
May 15 00:35:48 raspberrypi sshd[32681]: Invalid user ircd from 122.2.165.134 port 44237
May 15 00:35:48 raspberrypi sshd[32681]: input_userauth_request: invalid user ircd [preauth]
May 15 00:35:48 raspberrypi sshd[32686]: Invalid user master from 122.2.165.134 port 44316
May 15 00:35:48 raspberrypi sshd[32681]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32681]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32686]: input_userauth_request: invalid user master [preauth]
May 15 00:35:48 raspberrypi sshd[32484]: Received disconnect from 122.2.165.134 port 42025:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:48 raspberrypi sshd[32484]: Disconnected from 122.2.165.134 port 42025 [preauth]
May 15 00:35:48 raspberrypi sshd[32502]: Failed password for invalid user general from 122.2.165.134 port 42183 ssh2
May 15 00:35:48 raspberrypi sshd[32686]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32699]: Invalid user roy from 122.2.165.134 port 44395
May 15 00:35:48 raspberrypi sshd[32515]: Failed password for invalid user manuela from 122.2.165.134 port 42341 ssh2
May 15 00:35:48 raspberrypi sshd[32699]: input_userauth_request: invalid user roy [preauth]
May 15 00:35:48 raspberrypi sshd[32699]: pam_unix(sshd:auth): check pass; user unknown
May 15 00:35:48 raspberrypi sshd[32699]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=122.2.165.134
May 15 00:35:48 raspberrypi sshd[32502]: Received disconnect from 122.2.165.134 port 42183:11: Normal Shutdown, Thank you for playing [preauth]
May 15 00:35:48 raspberrypi sshd[32502]: Disconnected from 122.2.165.134 port 42183 [preauth]
May 15 00:35:48 raspberrypi sshd[32515]: Received disconnect from 122.2.165.134 port 42341:11: Normal Shutdown, Thank you for playing [preauth]


Does anyone have an idea what these might be due to?

Thanks
Fabio


Flane
Posts: 2460
Joined: 16/01/2016, 15:02

Re: strange logs ....

Post by Flane » 15/05/2019, 17:07

You simply have access attempts from outside.

You can block them with fail2ban, which is already installed in Solarstretch.
Here you can find something about it:
http://www.flanesi.it/doku/doku.php?id= ... -sicurezza

That page is about limiting access to Domoticz, but you can do the same thing for ssh, http, https or other services.
You can find guides about it online.
http://guide.debianizzati.org/index.php/Fail2ban
https://www.punto-informatico.it/download/fail2ban/
https://www.squeezemind.it/guida-fail2ban/


.... now that you point it out, I checked and I have quite a few myself too .. :shock: :shock:
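
Added example, not part of either post and not fail2ban's own code: a small Python approximation of the threshold check a fail2ban jail applies (its `maxretry` and `findtime` options), run over `Failed password` lines in the same format as the auth.log excerpt above. The sample lines, IP addresses, function name and threshold values are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Same sshd message shape as the auth.log excerpt in the first post.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

# Constructed sample lines (documentation IP ranges, made-up users and PIDs).
SAMPLE = """\
May 15 00:35:45 raspberrypi sshd[101]: Invalid user alice from 203.0.113.7 port 41000
May 15 00:35:45 raspberrypi sshd[101]: Failed password for invalid user alice from 203.0.113.7 port 41000 ssh2
May 15 00:35:46 raspberrypi sshd[102]: Failed password for invalid user bob from 203.0.113.7 port 41001 ssh2
May 15 00:35:46 raspberrypi sshd[103]: Failed password for root from 203.0.113.7 port 41002 ssh2
May 15 00:35:47 raspberrypi sshd[104]: Failed password for invalid user carol from 203.0.113.7 port 41003 ssh2
May 15 00:35:48 raspberrypi sshd[105]: Failed password for invalid user dave from 203.0.113.7 port 41004 ssh2
May 15 00:40:00 raspberrypi sshd[106]: Failed password for pi from 198.51.100.20 port 50000 ssh2
May 15 01:10:00 raspberrypi sshd[107]: Failed password for pi from 198.51.100.20 port 50001 ssh2
""".splitlines()


def find_offenders(lines, maxretry=5, findtime=600, year=2019):
    """Return {ip: time of the failure that reached maxretry within findtime s}.

    Syslog timestamps carry no year, so one is assumed (parameter `year`).
    """
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # ip -> timestamps of failures still in window
    offenders = {}
    for line in lines:
        m = FAILED.match(line.strip())
        if not m:
            continue  # "Invalid user", pam_unix, disconnect lines: not counted
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # forget failures older than findtime
            q.popleft()
        if len(q) >= maxretry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts  # the point at which a ban would start
    return offenders


if __name__ == "__main__":
    for ip, when in find_offenders(SAMPLE).items():
        print(f"{ip} reached the threshold at {when}")
```

Only the `Failed password` line is counted per attempt, so the accompanying `Invalid user` and `pam_unix` lines for the same connection do not inflate the total.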

fabioe
Posts: 29
Joined: 22/01/2016, 21:03

Re: strange logs ....

Post by fabioe » 15/05/2019, 18:00

Thanks for the reply, Flane,
I read the wiki about fail2ban and saw that it is configured as per the wiki on the Solarstretch.
Can some configuration be added to also filter access to 123solar and metern?

Thanks
Last edited by fabioe on 15/05/2019, 18:06, edited 4 times in total.

