Post #2513: Our Linux mail server's logwatch sends us mail... please help
Author: ZEROCOOL  Posted: November 26, 2009, 05:59:42 Thu (early morning)  Views: 2377
-----------------------------------------
Basic information for those answering:
- Distribution (optional) :
- Kernel version (optional) :
- Daemon version (e.g. apache 1.3.27) :
- Daemon install type (RPM/compiled/other) :
-----------------------------------------
 ################### LogWatch 5.2.2 (06/23/04) #################### 
       Processing Initiated: Tue Jul 18 04:03:11 2006
       Date Range Processed: yesterday
     Detail Level of Output: 0
          Logfiles for Host: ns
 ################################################################ 

 --------------------- IMAP Begin ------------------------ 

[IMAPd] Logout stats:
====================
                                   User | Logouts | Downloaded |  Mbox Size
--------------------------------------- | ------- | ---------- | ----------    <= This appears to show connections made through the IMAP service.
                                jh_park |       8 |            |               I don't know why it shows the number of logouts rather than logins.
----------------------------------------------------------------------------
                                                8 |          0 |           0



**Unmatched Entries**
   Command stream end of file, while reading line user=??? host=[211.41.128.112]: 1 Time(s)

 ---------------------- IMAP End ------------------------- 


 --------------------- ipop3d Begin ------------------------ 


**Unmatched Entries**
   Mailbox vulnerable - directory /var/spool/mail must have 1777 protection: 752 Time(s)
      <= This looks like a kind of security warning. It says to change the permissions of /var/spool/mail to 1777.


 ---------------------- ipop3d End ------------------------- 


 --------------------- Named Begin ------------------------ 


Zone update refused:
   218.234.73.136 (kings.co.kr/IN): 52 Time(s)
      <= This is the number of times the zone file was loaded. IN is described as the class that means Internet.

 ---------------------- Named End ------------------------- 


 --------------------- pam_unix Begin ------------------------    <= These are logs related to logins.

crond:
   Unknown Entries:
      session closed for user root: 25 Time(s)
      session opened for user root by (uid=0): 25 Time(s)

sshd:
   Authentication Failures:
      unknown (61.134.1.11): 17 Time(s)
      root (61.134.1.11): 3 Time(s)
      root (202.143.134.178): 1 Time(s)
      test (61.134.1.11): 1 Time(s)


 ---------------------- pam_unix End ------------------------- 


 --------------------- Connections (secure-log) Begin ------------------------

Connections:
   Service pop3:    <= Shows the number of times each IP connected via POP3.
      218.234.73.136: 394 Time(s)
      218.234.73.155: 288 Time(s)
   Service imap:    <= Likewise, this is the record of connections via imap.
      127.0.0.1: 8 Time(s)    8 times from local
      211.41.128.112: 1 Time(s)

 ---------------------- Connections (secure-log) End -------------------------



 --------------------- sendmail Begin ------------------------ 



Bytes Transferred: 6732072            <= Total size of the mail sent.
Messages Sent:     572                <= Total number of mails sent.
Total recipients:  685                <= Total number of mails received.

4 messages returned after 2 hours     <=

82 User Unknown notifications

Unknown local users:                  <= Number of unknown local users

	 Total: 239                       <= 239 in total


Top relays (recipients/connections - min 10 rcpts, max 50 lines):
    49/49: [211.229.226.126]
    33/33: [59.29.36.72]
    27/18: c-67-162-122-135.hsd1.il.comcast.net [67.162.122.135]
    26/17: 80-74-74-65.gci.net [65.74.74.80]
    20/20: [221.201.2.160]
    15/13: [220.64.48.61]
    14/2: [125.190.62.34]
    14/2: [125.190.63.190]
    14/2: [125.190.63.148]
    11/11: [219.241.207.109]
    11/11: [59.17.218.224]
    11/3: [222.235.223.70]
    11/11: [125.137.16.222]
    10/9: [221.201.0.26]


Relaying denied:
    From [220.165.246.62] to bocks@gmx.net: 1 Time(s)
    From [221.201.215.60] to silee@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to sjkim@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to sjklee@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to skim@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to skjeong@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to skkwon@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to smcho@yurim.skku.ac.kr: 1 Time(s)
    From [221.201.215.60] to smhan@yurim.skku.ac.kr: 1 Time(s)
    From [222.122.60.184] to charliem634@gmail.com: 1 Time(s)
    From [60.51.132.169] to mohanif@lovemail.com: 1 Time(s)
    From [61.34.46.144] to dnftks1156@hanmail.net: 1 Time(s)
    From adsl-d7.87-197-195.telecom.sk [87.197.195.7] to mohanian@ucsd.edu: 1 Time(s)
    From lns-bzn-58-82-251-253-175.adsl.proxad.net [82.251.253.175] to cgoh88@korea.com: 1 Time(s)
    From mta.hanmail.net [211.233.30.68] to spambuster@ohora.hanmail.net: 1 Time(s)

	Total:  15


Rejected mail:
    eunjeong.kwon@kor.ccamatil.com (450 4.4.0 Relaying temporarily denied. Cannot resolve PTR record for 71.93.78.34): 1 Time(s)
    eunsung.ra@kor.ccamatil.com (450 4.4.0 Relaying temporarily denied. Cannot resolve PTR record for 71.93.78.34): 1 Time(s)
    eunjeong.kim@kor.ccamatil.com (450 4.4.0 Relaying temporarily denied. Cannot resolve PTR record for 71.93.78.34): 1 Time(s)

	Total:  3


Client quit before communicating:
    125-228-87-124.dynamic.hinet.net : 2 Time(s)
    190.44.66.68 : 1 Time(s)
    200.92.229.163 : 1 Time(s)
    201.27.181.215 : 1 Time(s)
    201.58.251.158 : 1 Time(s)
    211.234.104.188 : 1 Time(s)
    217.132.105.213 : 1 Time(s)
    218.71.36.163 : 1 Time(s)
    222.122.60.184 : 1 Time(s)
    24.206.224.136 : 7 Time(s)
    36.Red-88-1-104.dynamicIP.rima-tde.net : 1 Time(s)
    59.10.78.15 : 1 Time(s)
    68.150.236.237 : 1 Time(s)
    83.15.18.2 : 1 Time(s)
    83.28.198.188 : 1 Time(s)
    84.100.76.83 : 1 Time(s)
    85.201.14.196 : 1 Time(s)
    85.68.129.94 : 1 Time(s)
    87.206.255.31 : 1 Time(s)
    88.241.252.52 : 1 Time(s)
    actae.ath.forthnet.gr : 1 Time(s)
    doc-24-206-224-136.doc-kw.tx.cebridge.net : 3 Time(s)


Authentication warnings:
    [218.234.73.133] didn't use HELO protocol: 1 Time(s)

**Unmatched Entries**
   k6H6TT4U002456[2]: Contains an URL listed in the OB SURBL blocklist\n\t*      [URIs: weilfone.com]\n\t*  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: weilfone.com]: 1 Time(s)
   k6GK8gYq032733[2]: Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: autoomiaticcat.com]: 1 Time(s)
   k6HDZ9Gk003721: return to sender: Cannot send message for 1 day: 1 Time(s)
   k6H6Tp31002459[2]: SURBL blocklist\n\t*      [URIs: pw2005893.com aer23ret4.com]\n\t*  1.7 MSGID_RANDY Message-Id has pattern used in spam\n\t*  0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag\n\t*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts\n\t*  1.4 FORGED_MUA_THEBAT_BOUN Mail pretending to be from The Bat! (boundary)\n\t*  1.1 FORGED_THEBAT_HTML The Bat! can't send HTML message only\n\t*  0.0 RCVD_DOUBLE_IP_LOOSE Received: by and from look like IP addresses: 1 Time(s)
   k6GGZ8g9031578: return to sender: Cannot send message for 1 day: 1 Time(s)
   k6H53nVp002138[2]: in this format\n\t*  1.3 FORGED_MUA_OIMO Forged mail pretending to be from MS Outlook IMO: 1 Time(s)
   k6H1SAND001390[2]: [URIs: arboursterile.com]: 1 Time(s)
   k6HCTa2o003559[2]: Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: trollshouse.com]: 1 Time(s)
   k6GIDHat031933[2]: fanbuild.com]\n\t*  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: fanbuild.com]: 1 Time(s)
   k6HDZ9Gj003721: return to sender: Cannot send message for 1 day: 1 Time(s)
   k6H35qeD001580[2]: URL listed in the WS SURBL blocklist\n\t*      [URIs: miernitnebrebt.com ieruwu34h5.com]\n\t*  1.7 MSGID_RANDY Message-Id has pattern used in spam\n\t*  0.0 FORGED_OUTLOOK_HTML Outlook can't send HTML message only\n\t*  0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag\n\t*  0.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format\n\t*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts\n\t*  0.0 RCVD_DOUBLE_IP_LOOSE Received: by and from look like IP addresses\n\t*  3.0 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook: 1 Time(s)
   k6H3qHFg001775[2]: URL listed in the WS SURBL blocklist\n\t*      [URIs: miernitnebrebt.com ieruwu34h5.com]\n\t*  1.7 MSGID_RANDY Message-Id has pattern used in spam\n\t*  0.1 HTML_MIME_NO_HTML_TAG HTML-only message, but there is no HTML tag\n\t*  0.2 FORGED_QUALCOMM_TAGS QUALCOMM mailers can't send HTML in this format\n\t*  0.0 MIME_HTML_ONLY_MULTI Multipart message only has text/html MIME parts\n\t*  0.1 FORGED_MUA_EUDORA Forged mail pretending to be from Eudora\n\t*  0.0 RCVD_DOUBLE_IP_LOOSE Received: by and from look like IP addresses: 1 Time(s)
   k6GHZ8IT031830: return to sender: Cannot send message for 1 day: 1 Time(s)
   k6H0LDPj001210[2]: HTML in this format\n\t*  1.3 FORGED_MUA_OIMO Forged mail pretending to be from MS Outlook IMO: 1 Time(s)
   k6GMEO6Y000881[2]: superaspect.com]\n\t*  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: superaspect.com]: 1 Time(s)
   k6H08nbn001161[2]: [URIs: healfs.com]\n\t*  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: healfs.com]: 1 Time(s)
   k6GJQUkS032641[2]:      [URIs: fanbuild.com]\n\t*  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: fanbuild.com]: 1 Time(s)
   k6H3Uh0l001676[2]: listed in the WS SURBL blocklist\n\t*      [URIs: healfs.com]\n\t*  2.0 URIBL_OB_SURBL Contains an URL listed in the OB SURBL blocklist\n\t*      [URIs: healfs.com]\n\t*  3.9 URIBL_SC_SURBL Contains an URL listed in the SC SURBL blocklist\n\t*      [URIs: healfs.com]: 1 Time(s)


Summary:
	Total Mail Rejected: 257

 ---------------------- sendmail End ------------------------- 


 --------------------- SSHD Begin ------------------------ 


Failed logins from these:
   root/password from ::ffff:202.143.134.178: 1 Time(s)
   root/password from ::ffff:61.134.1.11: 3 Time(s)
   test/password from ::ffff:61.134.1.11: 1 Time(s)

**Unmatched Entries**
Invalid user scanner from ::ffff:61.134.1.11
Failed password for invalid user scanner from ::ffff:61.134.1.11 port 57970 ssh2
Invalid user billing from ::ffff:61.134.1.11
Failed password for invalid user billing from ::ffff:61.134.1.11 port 58322 ssh2
Invalid user ringo from ::ffff:61.134.1.11
Failed password for invalid user ringo from ::ffff:61.134.1.11 port 58496 ssh2
Invalid user cvsuser from ::ffff:61.134.1.11
Failed password for invalid user cvsuser from ::ffff:61.134.1.11 port 58675 ssh2
Invalid user nishida from ::ffff:61.134.1.11
Failed password for invalid user nishida from ::ffff:61.134.1.11 port 58815 ssh2
Invalid user jimu from ::ffff:61.134.1.11
Failed password for invalid user jimu from ::ffff:61.134.1.11 port 58966 ssh2
Invalid user cherry from ::ffff:61.134.1.11
Failed password for invalid user cherry from ::ffff:61.134.1.11 port 59117 ssh2
Invalid user sasaki from ::ffff:61.134.1.11
Failed password for invalid user sasaki from ::ffff:61.134.1.11 port 59217 ssh2
Invalid user simon from ::ffff:61.134.1.11
Failed password for invalid user simon from ::ffff:61.134.1.11 port 59462 ssh2
Invalid user angelique from ::ffff:61.134.1.11
Failed password for invalid user angelique from ::ffff:61.134.1.11 port 59833 ssh2
Invalid user admin from ::ffff:61.134.1.11
Failed password for invalid user admin from ::ffff:61.134.1.11 port 59962 ssh2
Invalid user vmware from ::ffff:61.134.1.11
Failed password for invalid user vmware from ::ffff:61.134.1.11 port 60111 ssh2
Invalid user ventas from ::ffff:61.134.1.11
Failed password for invalid user ventas from ::ffff:61.134.1.11 port 60314 ssh2
Invalid user yamada from ::ffff:61.134.1.11
Failed password for invalid user yamada from ::ffff:61.134.1.11 port 60447 ssh2
Invalid user nagios from ::ffff:61.134.1.11
Failed password for invalid user nagios from ::ffff:61.134.1.11 port 60575 ssh2
Invalid user svn from ::ffff:61.134.1.11
Failed password for invalid user svn from ::ffff:61.134.1.11 port 60734 ssh2
Invalid user temp from ::ffff:61.134.1.11
Failed password for invalid user temp from ::ffff:61.134.1.11 port 60818 ssh2

 ---------------------- SSHD End ------------------------- 



------------------ Disk Space --------------------

/dev/mapper/VolGroup00-LogVol00
/dev/hda1              99M  8.9M   85M  10% /boot


 ###################### LogWatch End ######################### 


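I looked around here and there and wrote down a little about what each part is telling me, as shown above, but I don't understand the rest. If you could tell me, even briefly, what the remaining parts indicate, I would be very grateful.

Also, if possible, I would really appreciate it if you could tell me which parts I should look at first and most carefully when a mail arrives from logwatch.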


 
 from 211.201.91.66
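
The SSHD section of a report like the one in this post can be reduced to per-source counts. The following is an added example, not part of the original post or of LogWatch itself: it parses that section and lists sources that tried several non-existent account names. The sample text uses constructed documentation addresses, and the function names and the `min_invalid` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the report's SSHD layout (documentation addresses).
SAMPLE = """\
 --------------------- SSHD Begin ------------------------
Failed logins from these:
   root/password from ::ffff:198.51.100.7: 1 Time(s)
   root/password from ::ffff:203.0.113.9: 3
Time(s)

**Unmatched Entries**
Invalid user scanner from ::ffff:203.0.113.9
Failed password for invalid user scanner from ::ffff:203.0.113.9 port 57970
ssh2
Invalid user admin from ::ffff:203.0.113.9
Invalid user temp from ::ffff:203.0.113.9
 ---------------------- SSHD End -------------------------
"""

SECTION = re.compile(r"-+ SSHD Begin -+(.*?)-+ SSHD End -+", re.S)
FAILED = re.compile(r"^\s*(\S+)/password from (\S+): (\d+) Time\(s\)", re.M)
INVALID = re.compile(r"^Invalid user (\S+) from (\S+)", re.M)

def _addr(raw):
    # sshd on a dual-stack socket logs IPv4 peers as ::ffff:a.b.c.d
    return raw[7:] if raw.lower().startswith("::ffff:") else raw

def summarize_sshd(report):
    """Per-source counts from the SSHD section of a LogWatch report."""
    m = SECTION.search(report)
    if not m:
        return {}
    # Hard-wrapped mail text: rejoin a stray "Time(s)" or "ssh2" line.
    body = re.sub(r"\n(Time\(s\)|ssh2)$", r" \1", m.group(1), flags=re.M)
    stats = defaultdict(lambda: {"failed": 0, "invalid_users": set()})
    for _user, src, n in FAILED.findall(body):
        stats[_addr(src)]["failed"] += int(n)
    for user, src in INVALID.findall(body):
        stats[_addr(src)]["invalid_users"].add(user)
    return dict(stats)

def guessing_sources(report, min_invalid=3):
    """Sources that tried at least min_invalid distinct non-existent users."""
    hits = [(ip, len(s["invalid_users"]), s["failed"])
            for ip, s in summarize_sshd(report).items()
            if len(s["invalid_users"]) >= min_invalid]
    return sorted(hits, key=lambda h: -h[1])
```

`guessing_sources(report_text)` returns `(address, distinct invalid usernames, failed logins counted under "Failed logins from these")` tuples, highest username count first.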