Error logs and what action to take
This is part of my log file.
I am a newbie at this server lark and was wondering what action I should take, or is the server security doing its job and no action is required?
May 2 05:56:48 server1 PAM-hulk[12779]: Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED
May 2 05:56:50 server1 PAM-hulk[12786]: Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED
May 2 05:57:19 server1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
May 2 05:57:19 server1 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__KLmMgQetGfiIAG2nBI2tcIDf3RFCTomjC6E0E4rTNsrvUyEiLhc9fX5ofbvs50fn is now logged in
May 2 05:57:20 server1 pure-ftpd: (__cpanel__service__auth__ftpd__KLmMgQetGfiIAG2nBI2tcIDf3RFCTomjC6E0E4rTNsrvUyEiLhc9fX5ofbvs50fn@127.0.0.1) [INFO] Logout.
May 2 06:02:20 server1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
May 2 06:02:21 server1 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__U18suvQakJ4dPj8TvMFXZN7n3gudP6YZ2L6M6m6xMEH3PBBguiNLjNeGz8DMEPpL is now logged in
May 2 06:02:21 server1 pure-ftpd: (__cpanel__service__auth__ftpd__U18suvQakJ4dPj8TvMFXZN7n3gudP6YZ2L6M6m6xMEH3PBBguiNLjNeGz8DMEPpL@127.0.0.1) [INFO] Logout.
May 2 06:07:21 server1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
May 2 06:07:22 server1 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__3NsHrTwqe5Nx_3NlIC4C0JFquXz8lvNMaOzEGnsvovqNBy0nUA04aZSsG2F27q5o is now logged in
The first 2 lines show cPHulk is doing its job. The rest is normal and can be ignored; the server is checking services.
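The triage described in the answer above, as an added example that is not part of the original thread: it counts cPHulk bans and cPanel's local FTP service checks and prints every other line for review. The function names and the sample lines are constructed (the token is shortened and 203.0.113.7 is a documentation address); the patterns are taken from the log lines quoted in the question.

```shell
#!/bin/sh
# Constructed sample input modelled on the lines quoted in the thread.
sample_log() {
cat <<'EOF'
May 2 05:56:48 server1 PAM-hulk[12779]: Brute force detection active: 580 LOGIN DENIED -- TOO MANY FAILURES -- IP TEMP BANNED
May 2 05:57:19 server1 pure-ftpd: (?@127.0.0.1) [INFO] New connection from 127.0.0.1
May 2 05:57:19 server1 pure-ftpd: (?@127.0.0.1) [INFO] __cpanel__service__auth__ftpd__EXAMPLETOKEN is now logged in
May 2 05:57:20 server1 pure-ftpd: (__cpanel__service__auth__ftpd__EXAMPLETOKEN@127.0.0.1) [INFO] Logout.
May 2 05:58:01 server1 pure-ftpd: (?@203.0.113.7) [INFO] New connection from 203.0.113.7
May 2 05:58:03 server1 pure-ftpd: (?@203.0.113.7) [WARNING] Authentication failed for user [admin]
May 2 05:59:10 server1 pure-ftpd: (bob@127.0.0.1) [INFO] Logout.
EOF
}

# triage_log: read syslog lines on stdin, print the lines that need a
# human look, then one summary line:
#   hulk_blocks=N service_checks=N review=N
triage_log() {
  awk '
    # cPHulk already refused and temporarily banned the source.
    /PAM-hulk\[[0-9]+\]: Brute force detection active/ { hulk++; next }

    # Service check: loopback only, and the session user is either not
    # yet known ("?") or the __cpanel__service__auth__ftpd__ account.
    / pure-ftpd: \(([?]|__cpanel__service__auth__ftpd__[A-Za-z0-9_]+)@127\.0\.0\.1\) \[INFO\] / &&
    (/New connection from 127\.0\.0\.1$/ ||
     /__cpanel__service__auth__ftpd__[A-Za-z0-9_]+ is now logged in$/ ||
     /Logout\.$/) { svc++; next }

    # Anything else (remote FTP sessions, other users, other daemons).
    { review++; print "REVIEW: " $0 }

    END { printf "hulk_blocks=%d service_checks=%d review=%d\n", hulk, svc, review }
  '
}

sample_log | triage_log
```

On the server itself, run `triage_log < /var/log/messages` instead of the sample input.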
Thanks for that - I will look into what cPHulk does as it appears to be my friend. Checking syntax of the code tags
I have been looking for a way to empty the var/log/messages file or better still, just leave the last 200/300 lines. I can find plenty of examples of 'rm' but I don't want to delete the file.
I suggest keeping the log entries unless you are short on disk space. That being said, you could set up LogRotate to rotate /var/log/messages once it reaches a certain size. Thank you.
Thanks, I will look into logrotate as it sounds like a better solution.