Re: logwatch - need latest version, remove from yum?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Cameron Simpson <cs zip com au> DoD#743:
> Odd. I have 7.0 installed, and I use yum to keep it up to date.
> It's not 7.1, but it's much closer that the 5.2 you cite. I'm using FC4.

I don't know about the difference between 5.2.2 (FC3 latest) and 7.0,
but here's more info.

[BTW, if yum list only shows 5.2.2, how could it ever update a 7.0 version?]

If you have sshd enabled (OpenSSH_3.9p1-FC-3.9p1-8.0.3), and using
standard ports, and you have script-kiddies beating on your door, then
you will see the following messages in your daily logwatch - just a
few lines shown here, first number in IP address changed to 10:

**Unmatched Entries**
User root not allowed because not listed in AllowUsers
Failed password for invalid user root from 10.114.109.221 port 53218 ssh2
Invalid user admin from 10.114.109.221
Failed password for invalid user admin from 10.114.109.221 port 53488 ssh2
Invalid user test from 10.114.109.221
Failed password for invalid user test from 10.114.109.221 port 53690 ssh2
Invalid user guest from 10.114.109.221
Failed password for invalid user guest from 10.114.109.221 port 53891 ssh2
Invalid user webmaster from 10.114.109.221
Failed password for invalid user webmaster from 10.114.109.221 port 54074 ssh2
User mysql not allowed because not listed in AllowUsers
Failed password for invalid user mysql from 10.114.109.221 port 54274 ssh2
Invalid user oracle from 10.114.109.221
.......


All these lines went away when I upgraded to logwatch 7.1, and all
these IP addreses were correctly classified in the summary lines by
logwatch 7.1


On 12/25/05, B Wooster <bwooster47@xxxxxxxxx> wrote:
> OK, I removed the logwatch from FC3 update package,
> and did a rpm --install of the version 7.1 from the logwatch web site
> - http://www2.logwatch.org:8080/
>
> and now all is fine... no more hundreds of "unmatched entries" in my
> daily logwatch email in the sshd section.


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux