March 03rd, 2015 11:44:53 PM

Available agents:


+ossec-server (127.0.0.1)
+cyril_vps_mfc_mirror (178.33.174.103) - Inactive
+cyril_vps_cpafloride (5.196.201.32)
+cyril_vps_odoo (5.196.201.33)
+cyril_vps_myfrenchcity (5.196.201.35) - Inactive

Latest modified files:


+/etc/csf/csf.allow
+/usr/sbin/csf
+/etc/csf/csf.pl
+/etc/csf/csfui.pl
+/etc/csf/uninstall.sh
+/usr/sbin/csf
+/etc/csf/uninstall.sh
+/etc/csf/csfui.pl
+/etc/csf/csf.pl


Latest events


2015 Mar 03 23:44:45
Level:
5 - Postfix SASL authentication failure.
Rule Id:
3332
Location:
(cyril_vps_cpafloride) 5.196.201.32->/var/log/syslog
Src IP:
118.201.48.218
Mar 4 02:45:09 cpafloride postfix/smtpd[2974]: warning: unknown[118.201.48.218]: SASL LOGIN authentication failed: authentication failure
2015 Mar 03 23:44:45
Level:
5 - User authentication failure.
Rule Id:
2501
Location:
(cyril_vps_cpafloride) 5.196.201.32->/var/log/auth.log
Mar 4 02:45:09 cpafloride saslauthd[1988]: do_auth : auth failure: [user=sales] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error]
2015 Mar 03 23:44:45
Level:
5 - User authentication failure.
Rule Id:
2501
Location:
(cyril_vps_cpafloride) 5.196.201.32->/var/log/auth.log
Mar 4 02:45:09 cpafloride saslauthd[1988]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure
2015 Mar 03 23:44:43
Level:
5 - User login failed.
Rule Id:
5503
Location:
(cyril_vps_cpafloride) 5.196.201.32->/var/log/auth.log
Mar 4 02:45:07 cpafloride saslauthd[1988]: pam_unix(smtp:auth): authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=
2015 Mar 03 23:44:39
Level:
3 - Login session closed.
Rule Id:
5502
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:45:02 odoo su[28026]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:44:39
Level:
3 - Login session opened.
Rule Id:
5501
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:45:02 odoo su[28026]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:44:39
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
User:
postgres
Mar 4 02:45:02 odoo su[28026]: + ??? root:postgres
2015 Mar 03 23:41:45
Level:
3 - Login session closed.
Rule Id:
5502
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:42:07 odoo su[27878]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:41:45
Level:
3 - Login session opened.
Rule Id:
5501
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:42:07 odoo su[27878]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:41:45
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
User:
postgres
Mar 4 02:42:07 odoo su[27878]: + ??? root:postgres
2015 Mar 03 23:40:50
Level:
3 - Dovecot Session Disconnected.
Rule Id:
9706
Location:
betavision->/var/log/syslog
Mar 3 23:40:48 betavision dovecot: pop3(betavision): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
2015 Mar 03 23:40:50
Level:
3 - Dovecot Authentication Success.
Rule Id:
9701
Location:
betavision->/var/log/syslog
Mar 3 23:40:48 betavision dovecot: pop3-login: Login: user=<betavision>, method=PLAIN, rip=54.207.69.23, lip=172.31.22.4, mpid=10656, session=<6MP/YG0QSgA2z0UX>
2015 Mar 03 23:40:04
Level:
3 - Login session closed.
Rule Id:
5502
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10556]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:40:04
Level:
3 - Login session opened.
Rule Id:
5501
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10556]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:40:04
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
betavision->/var/log/auth.log
User:
postgres
Mar 3 23:40:03 betavision su[10556]: + ??? root:postgres
2015 Mar 03 23:40:04
Level:
3 - Login session closed.
Rule Id:
5502
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10544]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:40:04
Level:
3 - Login session opened.
Rule Id:
5501
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10544]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:40:04
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
betavision->/var/log/auth.log
User:
postgres
Mar 3 23:40:03 betavision su[10544]: + ??? root:postgres
2015 Mar 03 23:40:04
Level:
3 - Login session closed.
Rule Id:
5502
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10523]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:40:04
Level:
3 - Login session opened.
Rule Id:
5501
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10523]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:40:04
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
betavision->/var/log/auth.log
User:
postgres
Mar 3 23:40:03 betavision su[10523]: + ??? root:postgres
2015 Mar 03 23:40:04
Level:
3 - Login session closed.
Rule Id:
5502
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10506]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:40:04
Level:
3 - Login session opened.
Rule Id:
5501
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10506]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:40:04
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
betavision->/var/log/auth.log
User:
postgres
Mar 3 23:40:03 betavision su[10506]: + ??? root:postgres
2015 Mar 03 23:40:04
Level:
3 - Login session closed.
Rule Id:
5502
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10480]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:40:04
Level:
3 - Login session closed.
Rule Id:
5502
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10478]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:40:04
Level:
3 - Login session opened.
Rule Id:
5501
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10480]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:40:04
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
betavision->/var/log/auth.log
User:
postgres
Mar 3 23:40:03 betavision su[10480]: + ??? root:postgres
2015 Mar 03 23:40:04
Level:
3 - Login session opened.
Rule Id:
5501
Location:
betavision->/var/log/auth.log
Mar 3 23:40:03 betavision su[10478]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:40:04
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
betavision->/var/log/auth.log
User:
postgres
Mar 3 23:40:03 betavision su[10478]: + ??? root:postgres
2015 Mar 03 23:39:38
Level:
3 - Login session closed.
Rule Id:
5502
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:40:02 odoo su[27750]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:39:38
Level:
3 - Login session opened.
Rule Id:
5501
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:40:02 odoo su[27750]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:39:38
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
User:
postgres
Mar 4 02:40:02 odoo su[27750]: + ??? root:postgres
2015 Mar 03 23:36:44
Level:
3 - Login session closed.
Rule Id:
5502
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:37:07 odoo su[27576]: pam_unix(su:session): session closed for user postgres
2015 Mar 03 23:36:44
Level:
3 - Login session opened.
Rule Id:
5501
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
Mar 4 02:37:07 odoo su[27576]: pam_unix(su:session): session opened for user postgres by (uid=0)
2015 Mar 03 23:36:44
Level:
3 - User successfully changed UID.
Rule Id:
5304
Location:
(cyril_vps_odoo) 5.196.201.33->/var/log/auth.log
User:
postgres
Mar 4 02:37:07 odoo su[27576]: + ??? root:postgres