Snippets

Temple Pate 4Bgq: Untitled snippet

Created by Temple Pate
snippet.txt
Raw 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
May 26 09:39:01 Shared CRON[26928]: pam_unix(cron:session): session closed for user root
May 26 10:09:01 Shared CRON[28787]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 10:09:01 Shared CRON[28787]: pam_unix(cron:session): session closed for user root
May 26 10:17:01 Shared CRON[29293]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 10:17:01 Shared CRON[29293]: pam_unix(cron:session): session closed for user root
May 26 10:39:01 Shared CRON[30646]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 10:39:02 Shared CRON[30646]: pam_unix(cron:session): session closed for user root
May 26 11:09:01 Shared CRON[32511]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 11:09:02 Shared CRON[32511]: pam_unix(cron:session): session closed for user root
May 26 11:13:48 Shared sshd[354]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 26 11:13:50 Shared sshd[354]: reverse mapping checking getaddrinfo for 162-17-78-154-static.hfc.comcastbusiness.net [162.17.78.154] failed - POSSIBLE BREAK-IN ATTEMPT!
May 26 11:14:06 Shared sshd(pam_google_authenticator)[358]: Invalid verification code
May 26 11:14:13 Shared sshd[354]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:14:20 Shared sshd(pam_google_authenticator)[382]: Invalid verification code
May 26 11:14:28 Shared sshd[354]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:14:28 Shared sshd[354]: Postponed keyboard-interactive for nonadmin from 162.17.78.154 port 29293 ssh2 [preauth]
May 26 11:14:49 Shared sshd(pam_google_authenticator)[398]: Invalid verification code
May 26 11:14:49 Shared sshd[354]: Postponed keyboard-interactive/pam for nonadmin from 162.17.78.154 port 29293 ssh2 [preauth]
May 26 11:14:53 Shared sshd[354]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:15:02 Shared sshd(pam_google_authenticator)[354]: Invalid verification code
May 26 11:15:04 Shared sshd[354]: Failed password for nonadmin from 162.17.78.154 port 29293 ssh2
May 26 11:17:01 Shared CRON[566]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 11:17:01 Shared CRON[566]: pam_unix(cron:session): session closed for user root
May 26 11:17:21 Shared passwd[589]: pam_unix(passwd:chauthtok): password changed for nonadmin
May 26 11:17:26 Shared sshd[596]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 26 11:17:27 Shared sshd[596]: reverse mapping checking getaddrinfo for 162-17-78-154-static.hfc.comcastbusiness.net [162.17.78.154] failed - POSSIBLE BREAK-IN ATTEMPT!
May 26 11:17:32 Shared sshd(pam_google_authenticator)[598]: Invalid verification code
May 26 11:17:36 Shared sshd[596]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:17:42 Shared sshd(pam_google_authenticator)[608]: Invalid verification code
May 26 11:17:46 Shared sshd[596]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:17:46 Shared sshd[596]: Postponed keyboard-interactive for nonadmin from 162.17.78.154 port 29326 ssh2 [preauth]
May 26 11:17:52 Shared sshd(pam_google_authenticator)[621]: Invalid verification code
May 26 11:17:52 Shared sshd[596]: Postponed keyboard-interactive/pam for nonadmin from 162.17.78.154 port 29326 ssh2 [preauth]
May 26 11:17:56 Shared sshd[596]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:18:00 Shared sshd(pam_google_authenticator)[596]: Invalid verification code
May 26 11:18:02 Shared sshd[596]: Failed password for nonadmin from 162.17.78.154 port 29326 ssh2
May 26 11:19:14 Shared sshd[596]: Connection closed by 162.17.78.154 [preauth]
May 26 11:19:15 Shared sshd[734]: error: Could not load host key: /etc/ssh/ssh_host_ed25519_key
May 26 11:19:15 Shared sshd[734]: reverse mapping checking getaddrinfo for 162-17-78-154-static.hfc.comcastbusiness.net [162.17.78.154] failed - POSSIBLE BREAK-IN ATTEMPT!
May 26 11:19:20 Shared sshd(pam_google_authenticator)[736]: Invalid verification code
May 26 11:19:30 Shared sshd[734]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:19:37 Shared sshd(pam_google_authenticator)[752]: Invalid verification code
May 26 11:19:43 Shared sshd[734]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:19:43 Shared sshd[734]: Postponed keyboard-interactive for nonadmin from 162.17.78.154 port 29376 ssh2 [preauth]
May 26 11:19:46 Shared sshd(pam_google_authenticator)[766]: Invalid verification code
May 26 11:19:46 Shared sshd[734]: Postponed keyboard-interactive/pam for nonadmin from 162.17.78.154 port 29376 ssh2 [preauth]
May 26 11:19:52 Shared sshd[734]: error: PAM: Cannot make/remove an entry for the specified session for nonadmin from 162.17.78.154
May 26 11:19:56 Shared sshd(pam_google_authenticator)[734]: Invalid verification code
May 26 11:19:58 Shared sshd[734]: Failed password for nonadmin from 162.17.78.154 port 29376 ssh2
May 26 11:24:35 Shared sshd[965]: Received signal 15; terminating.
May 26 11:27:49 Shared ajenti: user root logged in through AjentiSyncProvider from 162.17.78.154
May 26 11:30:41 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/ufw allow ssh
May 26 11:30:41 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:30:42 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 11:31:47 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/sbin/iptables -L
May 26 11:31:47 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:31:47 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 11:31:59 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/sbin/iptables -A INPUT -p tcp --dport ssh -j ACCEPT
May 26 11:31:59 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:31:59 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 11:32:03 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/sbin/iptables -L
May 26 11:32:03 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:32:03 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 11:32:23 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/sbin/iptables -A INPUT -p tcp --dport 2289 -j ACCEPT
May 26 11:32:23 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:32:23 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 11:39:01 Shared CRON[2262]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 11:39:02 Shared CRON[2262]: pam_unix(cron:session): session closed for user root
May 26 11:50:11 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/apt-get install openssh-server
May 26 11:50:11 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:50:12 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 11:52:34 Shared ajenti: user root logged in through AjentiSyncProvider from 162.17.78.154
May 26 11:56:40 Shared sudo:     root : TTY=pts/0 ; PWD=/ ; USER=root ; COMMAND=/usr/bin/apt-get install libpam-google-authenticator
May 26 11:56:40 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 11:56:41 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 12:02:16 Shared su[16636]: Successful su for nonadmin by root
May 26 12:02:16 Shared su[16636]: + /dev/pts/0 root:nonadmin
May 26 12:02:16 Shared su[16636]: pam_unix(su:session): session opened for user nonadmin by (uid=0)
May 26 12:09:01 Shared CRON[17966]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 12:09:02 Shared CRON[17966]: pam_unix(cron:session): session closed for user root
May 26 12:11:27 Shared su[18136]: Successful su for root by nonadmin
May 26 12:11:27 Shared su[18136]: + /dev/pts/0 nonadmin:root
May 26 12:11:27 Shared su[18136]: pam_unix(su:session): session opened for user root by (uid=1000)
May 26 12:12:16 Shared sudo:     root : TTY=pts/0 ; PWD=/etc/ssh ; USER=root ; COMMAND=/usr/bin/apt-get install mosh
May 26 12:12:16 Shared sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
May 26 12:12:21 Shared groupadd[18573]: group added to /etc/group: name=utempter, GID=118
May 26 12:12:21 Shared groupadd[18573]: group added to /etc/gshadow: name=utempter
May 26 12:12:21 Shared groupadd[18573]: new group: name=utempter, GID=118
May 26 12:12:22 Shared sudo: pam_unix(sudo:session): session closed for user root
May 26 12:17:01 Shared CRON[18901]: pam_unix(cron:session): session opened for user root by (uid=0)
May 26 12:17:01 Shared CRON[18901]: pam_unix(cron:session): session closed for user root

Comments (0)

HTTPS SSH

You can clone a snippet to your computer for local editing. Learn more.