Is this a trace of an intrusion attempt? - réseaux et sécurité - Linux et OS Alternatifs
Marsh Posted on 18-08-2004 at 09:27:38
/var/log/message
If so, what should I check?
...
15 04:02:01 machine prelude: rsend.c:sigpipe_handler:71 : (errno=Success) :
Aug 15 04:02:01 machine prelude: PID 30190 caught pipe signal.
Aug 15 04:02:01 machine prelude: 219314 packets received by filter. (prelude counted), will reset after 2e64-1.
Aug 15 04:02:01 machine prelude: 0 packets dropped by the kernel.
Aug 15 04:02:01 machine prelude: Average cpu time by packet : 0.000039s, 0.039122ms, 39.121989us.
Aug 15 04:02:01 machine prelude: Page reclaims = 543
Aug 15 04:02:01 machine prelude: Page faults = 4
Aug 15 04:02:01 machine prelude: Swap = 0
Aug 15 04:02:01 machine prelude: HttpMod
Aug 15 04:02:01 machine prelude: (infos=http) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 196793 time : 0.000003s average
Aug 15 04:02:01 machine prelude_report: closing local connection.
Aug 15 04:02:01 machine kernel: device eth0 left promiscuous mode
Aug 15 04:02:01 machine prelude: RpcMod
Aug 15 04:02:01 machine prelude: (infos=rpc) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 196793 time : 0.000001s average
Aug 15 04:02:01 machine prelude: TelnetMod
Aug 15 04:02:01 machine prelude: (infos=telnet) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 196793 time : 0.000001s average
Aug 15 04:02:01 machine prelude: ArpSpoof
Aug 15 04:02:01 machine prelude: (infos=ARP) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 3828 time : 0.000006s average
Aug 15 04:02:01 machine prelude: ScanDetect
Aug 15 04:02:01 machine prelude: (infos=TCP) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 207200 time : 0.000002s average
Aug 15 04:02:01 machine prelude: ScanDetect
Aug 15 04:02:01 machine prelude: (infos=UDP) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 8197 time : 0.000024s average
Aug 15 04:02:01 machine prelude: Asynchronous I/O subsystem flushed 0 alerts.
aoû 15 04:02:02 machine prelude: prelude shutdown succeeded
Aug 15 04:02:02 machine prelude_report: Caught signal 15.
aoû 15 04:02:02 machine prelude: prelude_report shutdown succeeded
Aug 15 04:02:02 machine prelude_report: - Initializing report plugins
Aug 15 04:02:02 machine prelude_report: ^IInitialized FileMod.
Aug 15 04:02:02 machine prelude_report: htmlmod.c:setup_htmldoc:90 : (errno=No such file or directory) :
Aug 15 04:02:02 machine prelude_report: couldn't delete /var/log/prelude/html/latest
Aug 15 04:02:02 machine prelude_report: ^IInitialized XmlMod.
Aug 15 04:02:02 machine prelude_report: - Starting Prelude Report as a daemon.
Aug 15 04:02:02 machine prelude_report: Daemon started, PID is 5060.
Aug 15 04:02:02 machine prelude_report: - Starting report server
Aug 15 04:02:02 machine prelude_report: ^IStarting Unix report server.
aoû 15 04:02:02 machine prelude: prelude_report startup succeeded
Aug 15 04:02:02 machine kernel: device eth0 entered promiscuous mode
Aug 15 04:02:02 machine prelude: Prelude, (c) 1998 - 2001 Vandoorselaere Yoann. Developed under the GPL license.
Aug 15 04:02:02 machine prelude: - Initializing rules engine.
Aug 15 04:02:02 machine prelude: - Initializing protocols plugins.
Aug 15 04:02:02 machine prelude: ^I^IHttpMod subscribed for "http" protocol handling.
Aug 15 04:02:02 machine prelude: ^I^IRpcMod subscribed for "rpc" protocol handling.
Aug 15 04:02:02 machine prelude: ^I^ITelnetMod subscribed for "telnet" protocol handling.
Aug 15 04:02:02 machine prelude: - Initializing detections plugins.
Aug 15 04:02:02 machine prelude: ^I^IArpSpoof subscribing to : "[
Aug 15 04:02:02 machine prelude: ARP
Aug 15 04:02:02 machine prelude: ]".
Aug 15 04:02:02 machine prelude: ^I^IScanDetect subscribing to : "[
Aug 15 04:02:02 machine prelude: TCP
Aug 15 04:02:02 machine prelude: ,
Aug 15 04:02:02 machine prelude: UDP
Aug 15 04:02:02 machine prelude: ]".
Aug 15 04:02:02 machine prelude: snort-rules.c:parse_signature_file:355 : (errno=No such file or directory) :
Aug 15 04:02:02 machine prelude: error opening '/etc/prelude/prelude.rules'.
Aug 15 04:02:02 machine prelude: ^I^ISignature engine added 0 and ignored 0 signature.
Aug 15 04:02:02 machine prelude: - Initializing Report Queue.
Aug 15 04:02:02 machine prelude: - Starting Prelude as a daemon.
Aug 15 04:02:02 machine prelude: Daemon started, PID is 5071.
Aug 15 04:02:02 machine prelude: - Initializing connection to report server.
Aug 15 04:02:02 machine prelude: ^I- Connecting to Unix prelude report server.
Aug 15 04:02:02 machine prelude_report: new local connection.
Aug 15 04:02:02 machine prelude: - Initializing packet capture
aoû 15 04:02:03 machine prelude: prelude startup succeeded
Aug 15 04:22:00 machine CROND[5184]: (root) CMD (run-parts /etc/cron.weekly)
Aug 15 04:22:00 machine anacron[5187]: Updated timestamp for job `cron.weekly' to 2004-08-15
Aug 15 04:36:59 machine dhcpd: if IN A xp2400.machine.cf rrset doesn't exist add 43200 IN A xp2400.machine.cf 192.168.0.141: timed out.
Aug 15 04:36:59 machine dhcpd: Wrote 75 leases to leases file.
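Added example, not from the post or from Prelude itself: a small Python triage that parses syslog lines like the ones quoted above and separates an IDS restart (promiscuous-mode flips next to "shutdown succeeded"/"startup succeeded") from an unexplained sniffer sign, while surfacing the errno lines and the zero-signature load. The sample lines are copied from the post; the 60-second window and the severity labels are assumptions.

```python
import re

# Constructed sample: a subset of the lines quoted in the post, around the 04:02 prelude restart.
SAMPLE_LOG = """\
Aug 15 04:02:01 machine kernel: device eth0 left promiscuous mode
aoû 15 04:02:02 machine prelude: prelude shutdown succeeded
Aug 15 04:02:02 machine prelude_report: htmlmod.c:setup_htmldoc:90 : (errno=No such file or directory) :
Aug 15 04:02:02 machine kernel: device eth0 entered promiscuous mode
Aug 15 04:02:02 machine prelude: snort-rules.c:parse_signature_file:355 : (errno=No such file or directory) :
Aug 15 04:02:02 machine prelude: error opening '/etc/prelude/prelude.rules'.
Aug 15 04:02:02 machine prelude: ^I^ISignature engine added 0 and ignored 0 signature.
aoû 15 04:02:03 machine prelude: prelude startup succeeded
Aug 15 04:22:00 machine CROND[5184]: (root) CMD (run-parts /etc/cron.weekly)
"""

# Classic syslog prefix; the month is matched loosely because the post mixes "Aug" and the French "aoû".
LINE_RE = re.compile(r"^(?P<mon>\S+) +(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d) (?P<host>\S+) "
                     r"(?P<prog>[^\s:\[]+)(?:\[\d+\])?: ?(?P<msg>.*)$")

def parse(text):
    """Split syslog lines into dicts; lines that do not match the prefix are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]

def seconds(entry):
    h, m, s = (int(x) for x in entry["time"].split(":"))
    return h * 3600 + m * 60 + s

def triage(entries, window=60):
    """Return (severity, message) pairs: IDS restart noise versus things worth a second look."""
    findings = []
    ids_events = [seconds(e) for e in entries if e["prog"] == "prelude"
                  and e["msg"].endswith(("shutdown succeeded", "startup succeeded"))]
    for e in entries:
        if e["prog"] == "kernel" and "promiscuous mode" in e["msg"]:
            # Promiscuous mode is the sniffer tell-tale; benign only if the IDS itself restarted nearby.
            if any(abs(seconds(e) - t) <= window for t in ids_events):
                findings.append(("info", f"{e['time']} {e['msg']} (matches prelude restart)"))
            else:
                findings.append(("high", f"{e['time']} {e['msg']} with no IDS restart nearby: check which process sniffs"))
        elif "errno=" in e["msg"] and "Success" not in e["msg"]:
            findings.append(("warn", f"{e['time']} {e['prog']}: {e['msg'].strip()}"))
        elif "Signature engine added 0" in e["msg"]:
            # The daemon came up fine, but with no rules it performs no signature-based detection at all.
            findings.append(("high", f"{e['time']} prelude runs with zero signatures: fix /etc/prelude/prelude.rules"))
    return findings

if __name__ == "__main__":
    for sev, msg in triage(parse(SAMPLE_LOG)):
        print(f"[{sev}] {msg}")
```

On the post's lines the promiscuous-mode flips come out as info (they sit one second from the prelude restart), while the missing rules file is the real finding.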
Marsh Posted on 18-08-2004 at 09:31:18
Where would you see an intrusion attempt?