Yikes, everyone!
I don't understand what I did to deserve it, but someone is interested in my Raspberry Pi.
It seemed odd to me that the LED on the router was blinking like crazy when there should be almost no traffic on the network, and I found some interesting reading in auth.log - the sample below is older; the newer entries are very similar, except that the lines ending in "POSSIBLE BREAK-IN ATTEMPT!" are no longer there. They tried hard: the total size of auth.log.x is over 80 MiB (uncompressed).
For now I have blocked access from outside, but I would like to get it working again. So I would like to ask those who are knowledgeable and experienced what to check and search through to see whether they got in somewhere after all.
And possibly any advice on how to improve security.
Thanks, Jirka.
Mar 6 09:52:15 raspberrypi sshd[11636]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:15 raspberrypi sshd[11632]: Failed password for root from 218.65.30.107 port 57752 ssh2
Mar 6 09:52:15 raspberrypi sshd[11640]: Failed password for root from 183.136.216.4 port 35801 ssh2
Mar 6 09:52:16 raspberrypi sshd[11632]: Received disconnect from 218.65.30.107: 11: [preauth]
Mar 6 09:52:16 raspberrypi sshd[11632]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:17 raspberrypi sshd[11640]: Failed password for root from 183.136.216.4 port 35801 ssh2
Mar 6 09:52:17 raspberrypi sshd[11644]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:17 raspberrypi sshd[11640]: Received disconnect from 183.136.216.4: 11: [preauth]
Mar 6 09:52:17 raspberrypi sshd[11640]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:18 raspberrypi sshd[11648]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:52:19 raspberrypi sshd[11648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:19 raspberrypi sshd[11644]: Failed password for root from 103.41.124.37 port 45440 ssh2
Mar 6 09:52:20 raspberrypi sshd[11652]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:20 raspberrypi sshd[11648]: Failed password for root from 218.65.30.107 port 53607 ssh2
Mar 6 09:52:21 raspberrypi sshd[11644]: Failed password for root from 103.41.124.37 port 45440 ssh2
Mar 6 09:52:22 raspberrypi sshd[11652]: Failed password for root from 183.136.216.4 port 36841 ssh2
Mar 6 09:52:22 raspberrypi sshd[11648]: Failed password for root from 218.65.30.107 port 53607 ssh2
Mar 6 09:52:23 raspberrypi sshd[11644]: Failed password for root from 103.41.124.37 port 45440 ssh2
Mar 6 09:52:23 raspberrypi sshd[11644]: Received disconnect from 103.41.124.37: 11: [preauth]
Mar 6 09:52:23 raspberrypi sshd[11644]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:24 raspberrypi sshd[11652]: Failed password for root from 183.136.216.4 port 36841 ssh2
Mar 6 09:52:25 raspberrypi sshd[11648]: Failed password for root from 218.65.30.107 port 53607 ssh2
Mar 6 09:52:26 raspberrypi sshd[11648]: Received disconnect from 218.65.30.107: 11: [preauth]
Mar 6 09:52:26 raspberrypi sshd[11648]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:26 raspberrypi sshd[11656]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:26 raspberrypi sshd[11652]: Failed password for root from 183.136.216.4 port 36841 ssh2
Mar 6 09:52:27 raspberrypi sshd[11652]: Received disconnect from 183.136.216.4: 11: [preauth]
Mar 6 09:52:27 raspberrypi sshd[11652]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:27 raspberrypi sshd[11656]: Failed password for root from 103.41.124.37 port 38186 ssh2
Mar 6 09:52:28 raspberrypi sshd[11660]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:52:28 raspberrypi sshd[11660]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:29 raspberrypi sshd[11656]: Failed password for root from 103.41.124.37 port 38186 ssh2
Mar 6 09:52:30 raspberrypi sshd[11660]: Failed password for root from 218.65.30.107 port 46097 ssh2
Mar 6 09:52:32 raspberrypi sshd[11656]: Failed password for root from 103.41.124.37 port 38186 ssh2
Mar 6 09:52:32 raspberrypi sshd[11664]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:32 raspberrypi sshd[11656]: Received disconnect from 103.41.124.37: 11: [preauth]
Mar 6 09:52:32 raspberrypi sshd[11656]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:32 raspberrypi sshd[11660]: Failed password for root from 218.65.30.107 port 46097 ssh2
Mar 6 09:52:34 raspberrypi sshd[11664]: Failed password for root from 183.136.216.4 port 39557 ssh2
Mar 6 09:52:34 raspberrypi sshd[11668]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:35 raspberrypi sshd[11660]: Failed password for root from 218.65.30.107 port 46097 ssh2
Mar 6 09:52:35 raspberrypi sshd[11660]: Received disconnect from 218.65.30.107: 11: [preauth]
Mar 6 09:52:35 raspberrypi sshd[11660]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:36 raspberrypi sshd[11668]: Failed password for root from 103.41.124.37 port 57632 ssh2
Mar 6 09:52:37 raspberrypi sshd[11664]: Failed password for root from 183.136.216.4 port 39557 ssh2
Mar 6 09:52:37 raspberrypi sshd[11672]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:52:37 raspberrypi sshd[11672]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:39 raspberrypi sshd[11664]: Failed password for root from 183.136.216.4 port 39557 ssh2
Mar 6 09:52:39 raspberrypi sshd[11672]: Failed password for root from 218.65.30.107 port 37117 ssh2
Mar 6 09:52:39 raspberrypi sshd[11668]: Failed password for root from 103.41.124.37 port 57632 ssh2
Mar 6 09:52:39 raspberrypi sshd[11664]: Received disconnect from 183.136.216.4: 11: [preauth]
Mar 6 09:52:39 raspberrypi sshd[11664]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:41 raspberrypi sshd[11672]: Failed password for root from 218.65.30.107 port 37117 ssh2
Mar 6 09:52:41 raspberrypi sshd[11668]: Failed password for root from 103.41.124.37 port 57632 ssh2
Mar 6 09:52:41 raspberrypi sshd[11668]: Received disconnect from 103.41.124.37: 11: [preauth]
Mar 6 09:52:41 raspberrypi sshd[11668]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:42 raspberrypi sshd[11676]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:44 raspberrypi sshd[11672]: Failed password for root from 218.65.30.107 port 37117 ssh2
Mar 6 09:52:44 raspberrypi sshd[11676]: Failed password for root from 183.136.216.4 port 48437 ssh2
Mar 6 09:52:44 raspberrypi sshd[11680]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:44 raspberrypi sshd[11672]: Received disconnect from 218.65.30.107: 11: [preauth]
Mar 6 09:52:44 raspberrypi sshd[11672]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:46 raspberrypi sshd[11684]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:52:46 raspberrypi sshd[11680]: Failed password for root from 103.41.124.37 port 50742 ssh2
Mar 6 09:52:46 raspberrypi sshd[11676]: Failed password for root from 183.136.216.4 port 48437 ssh2
Mar 6 09:52:46 raspberrypi sshd[11684]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:48 raspberrypi sshd[11684]: Failed password for root from 218.65.30.107 port 55421 ssh2
Mar 6 09:52:48 raspberrypi sshd[11680]: Failed password for root from 103.41.124.37 port 50742 ssh2
Mar 6 09:52:49 raspberrypi sshd[11676]: Failed password for root from 183.136.216.4 port 48437 ssh2
Mar 6 09:52:49 raspberrypi sshd[11676]: Received disconnect from 183.136.216.4: 11: [preauth]
Mar 6 09:52:49 raspberrypi sshd[11676]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:50 raspberrypi sshd[11680]: Failed password for root from 103.41.124.37 port 50742 ssh2
Mar 6 09:52:50 raspberrypi sshd[11680]: Received disconnect from 103.41.124.37: 11: [preauth]
Mar 6 09:52:50 raspberrypi sshd[11680]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:51 raspberrypi sshd[11684]: Failed password for root from 218.65.30.107 port 55421 ssh2
Mar 6 09:52:52 raspberrypi sshd[11688]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:52:53 raspberrypi sshd[11692]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:52:54 raspberrypi sshd[11684]: Failed password for root from 218.65.30.107 port 55421 ssh2
Mar 6 09:52:54 raspberrypi sshd[11684]: Received disconnect from 218.65.30.107: 11: [preauth]
Mar 6 09:52:54 raspberrypi sshd[11684]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:54 raspberrypi sshd[11688]: Failed password for root from 183.136.216.4 port 49553 ssh2
Mar 6 09:52:55 raspberrypi sshd[11692]: Failed password for root from 103.41.124.37 port 42568 ssh2
Mar 6 09:52:56 raspberrypi sshd[11696]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:52:56 raspberrypi sshd[11696]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:52:57 raspberrypi sshd[11688]: Failed password for root from 183.136.216.4 port 49553 ssh2
Mar 6 09:52:57 raspberrypi sshd[11692]: Failed password for root from 103.41.124.37 port 42568 ssh2
Mar 6 09:52:58 raspberrypi sshd[11696]: Failed password for root from 218.65.30.107 port 48168 ssh2
Mar 6 09:52:59 raspberrypi sshd[11688]: Failed password for root from 183.136.216.4 port 49553 ssh2
Mar 6 09:52:59 raspberrypi sshd[11692]: Failed password for root from 103.41.124.37 port 42568 ssh2
Mar 6 09:52:59 raspberrypi sshd[11688]: Received disconnect from 183.136.216.4: 11: [preauth]
Mar 6 09:52:59 raspberrypi sshd[11688]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:53:00 raspberrypi sshd[11692]: Received disconnect from 103.41.124.37: 11: [preauth]
Mar 6 09:53:00 raspberrypi sshd[11692]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:53:00 raspberrypi sshd[11696]: Failed password for root from 218.65.30.107 port 48168 ssh2
Mar 6 09:53:02 raspberrypi sshd[11704]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:53:02 raspberrypi sshd[11696]: Failed password for root from 218.65.30.107 port 48168 ssh2
Mar 6 09:53:02 raspberrypi sshd[11700]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:53:03 raspberrypi sshd[11696]: Received disconnect from 218.65.30.107: 11: [preauth]
Mar 6 09:53:03 raspberrypi sshd[11696]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:53:04 raspberrypi sshd[11704]: Failed password for root from 103.41.124.37 port 35315 ssh2
Mar 6 09:53:04 raspberrypi sshd[11700]: Failed password for root from 183.136.216.4 port 52911 ssh2
Mar 6 09:53:06 raspberrypi sshd[11704]: Failed password for root from 103.41.124.37 port 35315 ssh2
Mar 6 09:53:07 raspberrypi sshd[11700]: Failed password for root from 183.136.216.4 port 52911 ssh2
Mar 6 09:53:08 raspberrypi sshd[11708]: reverse mapping checking getaddrinfo for 107.30.65.218.broad.xy.jx.dynamic.163data.com.cn [218.65.30.107] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar 6 09:53:08 raspberrypi sshd[11708]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.65.30.107 user=root
Mar 6 09:53:09 raspberrypi sshd[11704]: Failed password for root from 103.41.124.37 port 35315 ssh2
Mar 6 09:53:09 raspberrypi sshd[11704]: Received disconnect from 103.41.124.37: 11: [preauth]
Mar 6 09:53:09 raspberrypi sshd[11704]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:53:09 raspberrypi sshd[11700]: Failed password for root from 183.136.216.4 port 52911 ssh2
Mar 6 09:53:09 raspberrypi sshd[11700]: Received disconnect from 183.136.216.4: 11: [preauth]
Mar 6 09:53:09 raspberrypi sshd[11700]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:53:10 raspberrypi sshd[11708]: Failed password for root from 218.65.30.107 port 38268 ssh2
Mar 6 09:53:11 raspberrypi sshd[11712]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.41.124.37 user=root
Mar 6 09:53:12 raspberrypi sshd[11708]: Failed password for root from 218.65.30.107 port 38268 ssh2
Mar 6 09:53:13 raspberrypi sshd[11716]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=183.136.216.4 user=root
Mar 6 09:53:13 raspberrypi sshd[11712]: Failed password for root from 103.41.124.37 port 55986 ssh2
Mar 6 09:53:14 raspberrypi sshd[11716]: Failed password for root from 183.136.216.4 port 54550 ssh2
Mar 6 09:53:14 raspberrypi sshd[11708]: Failed password for root from 218.65.30.107 port 38268 ssh2
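
A first check for the question asked in the post (did any of the guessing succeed?), as an added example that is not part of the original post: it counts failed sshd logins per source address and lists every accepted login, flagging those that come from an address with earlier failures. The function name `triage`, the `min_failures` threshold and the sample lines (RFC 5737 documentation addresses) are assumptions constructed for illustration.

```python
import re
from collections import Counter

# sshd result lines as they appear in auth.log ("Failed password for ...",
# "Accepted publickey for ..."); PAM and disconnect lines are skipped.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def triage(lines, min_failures=3):
    """Return (failures per IP, accepted logins, accepted-after-guessing)."""
    failures = Counter()
    accepted, suspicious = [], []
    for line in lines:  # lines must be in chronological order
        m = LINE.match(line)
        if not m:
            continue
        if m["result"] == "Failed":
            failures[m["ip"]] += 1
            continue
        event = (m["ts"], m["user"], m["ip"], m["method"])
        accepted.append(event)
        # A success from an address that had been guessing means a
        # credential was found; every such event needs follow-up.
        if failures[m["ip"]] >= min_failures:
            suspicious.append(event)
    return failures, accepted, suspicious

# Constructed sample (RFC 5737 documentation addresses, not from the post).
SAMPLE = """\
Mar 6 09:52:15 raspberrypi sshd[100]: Failed password for root from 203.0.113.5 port 57752 ssh2
Mar 6 09:52:17 raspberrypi sshd[100]: Failed password for root from 203.0.113.5 port 57752 ssh2
Mar 6 09:52:18 raspberrypi sshd[100]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5 user=root
Mar 6 09:52:20 raspberrypi sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 57760 ssh2
Mar 6 09:52:21 raspberrypi sshd[102]: Failed password for root from 198.51.100.7 port 40100 ssh2
Mar 6 09:52:40 raspberrypi sshd[103]: Failed password for pi from 203.0.113.5 port 57771 ssh2
Mar 6 09:53:20 raspberrypi sshd[104]: Accepted password for pi from 203.0.113.5 port 57780 ssh2
Mar 6 10:15:02 raspberrypi sshd[105]: Accepted publickey for pi from 192.0.2.10 port 50212 ssh2
""".splitlines()

if __name__ == "__main__":
    failures, accepted, suspicious = triage(SAMPLE)
    for ip, n in failures.most_common():
        print(f"{n:6d} failed attempts from {ip}")
    for ts, user, ip, method in accepted:
        flag = "  <-- after repeated failures" if (ts, user, ip, method) in suspicious else ""
        print(f"accepted {method} for {user} from {ip} at {ts}{flag}")
```

On a real system, feed it the lines of auth.log and its rotated copies, oldest first, and review the complete accepted list as well: a login you do not recognise matters even when it was not preceded by failures.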