Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Feb 25 11:53:38 ip-10-53-13-137 sshd[3950]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 11:53:38 ip-10-53-13-137 sshd[3878]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 14:32:29 ip-10-53-13-137 sshd[4898]: Accepted publickey for ec2-user from XXXXXXXXXXX port 53614 ssh2
- Feb 25 14:32:29 ip-10-53-13-137 sshd[4898]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 14:33:55 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/yum vsftpd
- Feb 25 14:34:07 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/bin/yum install vsftpd
- Feb 25 14:34:33 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/nano /etc/vfstpd.conf
- Feb 25 14:35:01 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:40:05 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:41:32 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/usr/sbin/groupadd ftpusers
- Feb 25 14:41:32 ip-10-53-13-137 groupadd[5076]: group added to /etc/group: name=ftpusers, GID=511
- Feb 25 14:41:32 ip-10-53-13-137 groupadd[5076]: group added to /etc/gshadow: name=ftpusers
- Feb 25 14:41:32 ip-10-53-13-137 groupadd[5076]: new group: name=ftpusers, GID=511
- Feb 25 14:42:34 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/mkdir ftp
- Feb 25 14:43:08 ip-10-53-13-137 sudo: ec2-user : TTY=pts/0 ; PWD=/home ; USER=root ; COMMAND=/bin/mkdir ftp/sc_temp
- Feb 25 14:45:20 ip-10-53-13-137 sshd[5103]: Accepted publickey for ec2-user from XXXXXXXXXXXXXXX port 28603 ssh2
- Feb 25 14:45:20 ip-10-53-13-137 sshd[5103]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 14:45:35 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/sbin/useradd -d /home/ftp/sc_temp -s /usr/sbin/nologin -g ftpusers sc_temp
- Feb 25 14:45:35 ip-10-53-13-137 useradd[5130]: new user: name=sc_temp, UID=510, GID=511, home=/home/ftp/sc_temp, shell=/usr/sbin/nologin
- Feb 25 14:47:09 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/bin/passwd sc_temp
- Feb 25 14:47:58 ip-10-53-13-137 passwd: pam_unix(passwd:chauthtok): password changed for sc_temp
- Feb 25 14:48:51 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chown -R sc_temp /home/ftp/sc_temp
- Feb 25 14:48:52 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chmod 775 /home/ftp/sc_temp
- Feb 25 14:49:30 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/user_list
- Feb 25 14:49:58 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:50:55 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:51:25 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:52:21 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:52:43 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/etc/init.d/vsftpd restart
- Feb 25 14:53:04 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 14:54:06 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/bin/passwd sc_temp
- Feb 25 14:54:42 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/bin/passwd sc_temp
- Feb 25 14:55:45 ip-10-53-13-137 sshd[5103]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 14:55:49 ip-10-53-13-137 sshd[5235]: Accepted publickey for ec2-user from XXXXXXXXXXX port 36099 ssh2
- Feb 25 14:55:49 ip-10-53-13-137 sshd[5235]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 14:55:53 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/bin/passwd sc_temp
- Feb 25 14:56:09 ip-10-53-13-137 passwd: pam_unix(passwd:chauthtok): password changed for sc_temp
- Feb 25 14:56:38 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/etc/init.d/vsftpd restart
- Feb 25 14:59:13 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chown -R sc_temp /home/ftp
- Feb 25 14:59:13 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chmod 775 /home/ftp
- Feb 25 15:01:19 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ftp ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 15:01:57 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ftp ; USER=root ; COMMAND=/etc/init.d/vsftpd restart
- Feb 25 15:02:56 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ftp ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 15:06:10 ip-10-53-13-137 sudo: ec2-user : TTY=pts/1 ; PWD=/home/ftp ; USER=root ; COMMAND=/bin/nano /etc/sysconfig/iptables
- Feb 25 15:08:58 ip-10-53-13-137 sshd[5425]: Accepted publickey for ec2-user from XXXXXXXXXXX port 54436 ssh2
- Feb 25 15:08:58 ip-10-53-13-137 sshd[5425]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 15:09:33 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/sysconfig/iptables-config
- Feb 25 15:11:18 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service iptables restart
- Feb 25 15:11:29 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/sysconfig/iptables
- Feb 25 15:11:39 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service iptables restart
- Feb 25 15:11:44 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service iptables restart
- Feb 25 15:11:45 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/sysconfig/iptables
- Feb 25 15:11:56 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service iptables restart
- Feb 25 15:11:57 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/sysconfig/iptables
- Feb 25 15:12:01 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service iptables restart
- Feb 25 15:12:46 ip-10-53-13-137 sshd[5562]: Accepted publickey for ec2-user from XXXXXXXXXXX port 21870 ssh2
- Feb 25 15:12:46 ip-10-53-13-137 sshd[5562]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 15:12:46 ip-10-53-13-137 sshd[5564]: subsystem request for sftp
- Feb 25 15:14:14 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/sbin/useradd -d /home/ftp/sc_temp -s /usr/sbin/nologin -g ftpusers scuser
- Feb 25 15:14:14 ip-10-53-13-137 useradd[5579]: new user: name=scuser, UID=511, GID=511, home=/home/ftp/sc_temp, shell=/usr/sbin/nologin
- Feb 25 15:14:25 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/sbin/useradd -d /home/ftp/scuser -s /usr/sbin/nologin -g ftpusers scuser
- Feb 25 15:14:25 ip-10-53-13-137 useradd[5585]: failed adding user 'scuser', data deleted
- Feb 25 15:14:41 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/sbin/useradd -d /home/ftp/ftpuser -s /usr/sbin/nologin -g ftpusers ftpuser
- Feb 25 15:14:41 ip-10-53-13-137 useradd[5587]: new user: name=ftpuser, UID=512, GID=511, home=/home/ftp/ftpuser, shell=/usr/sbin/nologin
- Feb 25 15:15:49 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/bin/passwd ftpuser
- Feb 25 15:16:28 ip-10-53-13-137 passwd: pam_unix(passwd:chauthtok): password changed for ftpuser
- Feb 25 15:16:49 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chown -R ftpuser /home/ftp/ftpuser
- Feb 25 15:16:50 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/chmod 775 /home/ftp/ftpuser
- Feb 25 15:17:25 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/user_list
- Feb 25 15:17:44 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/etc/init.d/vsftpd restart
- Feb 25 15:17:47 ip-10-53-13-137 sshd[5562]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 15:21:12 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service iptables stop
- Feb 25 15:28:12 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/user_list
- Feb 25 15:28:34 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/vsftpd/vsftpd.conf
- Feb 25 15:30:37 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/etc/init.d/vsftpd restart
- Feb 25 15:31:37 ip-10-53-13-137 sshd[5892]: Accepted publickey for ec2-user from XXXXXXXXXXX port 11921 ssh2
- Feb 25 15:31:37 ip-10-53-13-137 sshd[5892]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 15:31:37 ip-10-53-13-137 sshd[5894]: subsystem request for sftp
- Feb 25 15:33:35 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/ls -l alex
- Feb 25 15:33:45 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/ls -l /home/alex
- Feb 25 15:34:06 ip-10-53-13-137 sshd[5915]: Accepted publickey for ec2-user from XXXXXXXXXXX port 33709 ssh2
- Feb 25 15:34:06 ip-10-53-13-137 sshd[5915]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 15:34:06 ip-10-53-13-137 sshd[5917]: subsystem request for sftp
- Feb 25 15:36:58 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:37:18 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/mkdir /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:37:26 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/mkdir /home/ftpuser/.ssh
- Feb 25 15:37:53 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/mkdir /home/ftpuser
- Feb 25 15:38:38 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/mkdir /home/ftpuser/.ssh
- Feb 25 15:38:43 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:38:49 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:38:58 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ec2-user/.ssh/authorized_keys
- Feb 25 15:39:09 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:39:18 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:39:25 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ec2-user/.ssh/authorized_keys
- Feb 25 15:39:48 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/cat /home/ec2-user/.ssh/authorized_keys
- Feb 25 15:39:57 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:40:17 ip-10-53-13-137 sshd[5915]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 15:40:17 ip-10-53-13-137 sshd[6002]: User ftpuser not allowed because shell /usr/sbin/nologin does not exist
- Feb 25 15:40:17 ip-10-53-13-137 sshd[6003]: input_userauth_request: invalid user ftpuser
- Feb 25 15:40:17 ip-10-53-13-137 sshd[6003]: Received disconnect from XXXXXXXXXXX: 14: No supported authentication methods available
- Feb 25 15:40:23 ip-10-53-13-137 sshd[6004]: User ftpuser not allowed because shell /usr/sbin/nologin does not exist
- Feb 25 15:40:23 ip-10-53-13-137 sshd[6005]: input_userauth_request: invalid user ftpuser
- Feb 25 15:40:23 ip-10-53-13-137 sshd[6005]: Received disconnect from XXXXXXXXXXX: 14: No supported authentication methods available
- Feb 25 15:40:55 ip-10-53-13-137 sshd[6006]: User ftpuser not allowed because shell /usr/sbin/nologin does not exist
- Feb 25 15:40:55 ip-10-53-13-137 sshd[6007]: input_userauth_request: invalid user ftpuser
- Feb 25 15:40:55 ip-10-53-13-137 sshd[6007]: Received disconnect from XXXXXXXXXXX: 14: No supported authentication methods available
- Feb 25 15:54:37 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:54:51 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:54:59 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 15:55:15 ip-10-53-13-137 sshd[5892]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 15:55:20 ip-10-53-13-137 sshd[6070]: User ftpuser not allowed because shell /usr/sbin/nologin does not exist
- Feb 25 15:55:20 ip-10-53-13-137 sshd[6071]: input_userauth_request: invalid user ftpuser
- Feb 25 15:55:20 ip-10-53-13-137 sshd[6071]: Received disconnect from XXXXXXXXXXX: 14: No supported authentication methods available
- Feb 25 15:55:49 ip-10-53-13-137 sshd[6072]: Accepted publickey for ec2-user from XXXXXXXXXXX port 41035 ssh2
- Feb 25 15:55:49 ip-10-53-13-137 sshd[6072]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 15:55:49 ip-10-53-13-137 sshd[6074]: subsystem request for sftp
- Feb 25 15:59:15 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Feb 25 15:59:45 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Feb 25 16:04:27 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/ssh/sshd_config
- Feb 25 16:04:59 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service ssh reload
- Feb 25 16:05:05 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service sshd restart
- Feb 25 16:05:06 ip-10-53-13-137 sshd[1131]: Received signal 15; terminating.
- Feb 25 16:05:06 ip-10-53-13-137 sshd[6205]: Server listening on 0.0.0.0 port 22.
- Feb 25 16:05:06 ip-10-53-13-137 sshd[6205]: Server listening on :: port 22.
- Feb 25 16:05:19 ip-10-53-13-137 sshd[6208]: Accepted publickey for ec2-user from XXXXXXXXXXX port 27610 ssh2
- Feb 25 16:05:19 ip-10-53-13-137 sshd[6208]: pam_unix(sshd:session): session opened for user ec2-user by (uid=0)
- Feb 25 16:05:19 ip-10-53-13-137 sshd[6210]: subsystem request for sftp
- Feb 25 16:05:25 ip-10-53-13-137 sshd[6208]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 16:05:25 ip-10-53-13-137 sshd[6222]: User ftpuser not allowed because shell /usr/sbin/nologin does not exist
- Feb 25 16:05:25 ip-10-53-13-137 sshd[6223]: input_userauth_request: invalid user ftpuser
- Feb 25 16:05:25 ip-10-53-13-137 sshd[6223]: Received disconnect from XXXXXXXXXXX: 14: No supported authentication methods available
- Feb 25 16:05:31 ip-10-53-13-137 sshd[6224]: User ftpuser not allowed because shell /usr/sbin/nologin does not exist
- Feb 25 16:05:31 ip-10-53-13-137 sshd[6225]: input_userauth_request: invalid user ftpuser
- Feb 25 16:05:31 ip-10-53-13-137 sshd[6225]: Received disconnect from XXXXXXXXXXX: 14: No supported authentication methods available
- Feb 25 16:06:48 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/ssh/ssh_host_rsa_key
- Feb 25 16:10:07 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano .ssh/authorized_keys
- Feb 25 16:11:31 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano .ssh/authorized_keys
- Feb 25 16:11:42 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano .ssh/authorized_keys
- Feb 25 16:12:18 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano .ssh/authorized_keys
- Feb 25 16:13:03 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /home/ftpuser/.ssh/authorized_keys
- Feb 25 16:13:13 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano .ssh/authorized_keys
- Feb 25 16:14:51 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/httpd/httpd.conf
- Feb 25 16:15:16 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/bin/nano /etc/httpd/conf/httpd.conf
- Feb 25 16:16:15 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/sbin/apachectl -k graceful
- Feb 25 16:18:54 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/usr/sbin/apachectl -k graceful
- Feb 25 16:22:25 ip-10-53-13-137 sudo: ec2-user : TTY=pts/2 ; PWD=/home/ec2-user ; USER=root ; COMMAND=/sbin/service vsftpd stop
- Feb 25 16:22:28 ip-10-53-13-137 sshd[5425]: pam_unix(sshd:session): session closed for user ec2-user
- Feb 25 16:40:40 ip-10-53-13-137 sshd[6473]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:40:40 ip-10-53-13-137 sshd[6473]: fatal: buffer_get_int: buffer error
- Feb 25 16:40:40 ip-10-53-13-137 sshd[6473]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:40:40 ip-10-53-13-137 sshd[6473]: error: cannot write into audit
- Feb 25 16:40:40 ip-10-53-13-137 sshd[6473]: error: cannot write into audit
- Feb 25 16:40:40 ip-10-53-13-137 sshd[6474]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:40:52 ip-10-53-13-137 sshd[6475]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:40:52 ip-10-53-13-137 sshd[6475]: fatal: buffer_get_int: buffer error
- Feb 25 16:40:52 ip-10-53-13-137 sshd[6475]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:40:52 ip-10-53-13-137 sshd[6475]: error: cannot write into audit
- Feb 25 16:40:52 ip-10-53-13-137 sshd[6475]: error: cannot write into audit
- Feb 25 16:40:52 ip-10-53-13-137 sshd[6476]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:41:04 ip-10-53-13-137 sshd[6477]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:41:04 ip-10-53-13-137 sshd[6477]: fatal: buffer_get_int: buffer error
- Feb 25 16:41:04 ip-10-53-13-137 sshd[6477]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:41:04 ip-10-53-13-137 sshd[6477]: error: cannot write into audit
- Feb 25 16:41:04 ip-10-53-13-137 sshd[6477]: error: cannot write into audit
- Feb 25 16:41:04 ip-10-53-13-137 sshd[6478]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:41:16 ip-10-53-13-137 sshd[6479]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:41:16 ip-10-53-13-137 sshd[6479]: fatal: buffer_get_int: buffer error
- Feb 25 16:41:16 ip-10-53-13-137 sshd[6479]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:41:16 ip-10-53-13-137 sshd[6479]: error: cannot write into audit
- Feb 25 16:41:16 ip-10-53-13-137 sshd[6479]: error: cannot write into audit
- Feb 25 16:41:16 ip-10-53-13-137 sshd[6480]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:41:27 ip-10-53-13-137 sshd[6482]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:41:27 ip-10-53-13-137 sshd[6482]: fatal: buffer_get_int: buffer error
- Feb 25 16:41:27 ip-10-53-13-137 sshd[6482]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:41:27 ip-10-53-13-137 sshd[6482]: error: cannot write into audit
- Feb 25 16:41:27 ip-10-53-13-137 sshd[6482]: error: cannot write into audit
- Feb 25 16:41:27 ip-10-53-13-137 sshd[6483]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:41:39 ip-10-53-13-137 sshd[6484]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:41:39 ip-10-53-13-137 sshd[6484]: fatal: buffer_get_int: buffer error
- Feb 25 16:41:39 ip-10-53-13-137 sshd[6484]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:41:39 ip-10-53-13-137 sshd[6484]: error: cannot write into audit
- Feb 25 16:41:39 ip-10-53-13-137 sshd[6484]: error: cannot write into audit
- Feb 25 16:41:39 ip-10-53-13-137 sshd[6485]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:41:50 ip-10-53-13-137 sshd[6486]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:41:50 ip-10-53-13-137 sshd[6486]: fatal: buffer_get_int: buffer error
- Feb 25 16:41:50 ip-10-53-13-137 sshd[6486]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:41:50 ip-10-53-13-137 sshd[6486]: error: cannot write into audit
- Feb 25 16:41:50 ip-10-53-13-137 sshd[6486]: error: cannot write into audit
- Feb 25 16:41:50 ip-10-53-13-137 sshd[6487]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:42:02 ip-10-53-13-137 sshd[6488]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:42:02 ip-10-53-13-137 sshd[6488]: fatal: buffer_get_int: buffer error
- Feb 25 16:42:02 ip-10-53-13-137 sshd[6488]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:42:02 ip-10-53-13-137 sshd[6488]: error: cannot write into audit
- Feb 25 16:42:02 ip-10-53-13-137 sshd[6488]: error: cannot write into audit
- Feb 25 16:42:02 ip-10-53-13-137 sshd[6489]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:42:14 ip-10-53-13-137 sshd[6490]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:42:14 ip-10-53-13-137 sshd[6490]: fatal: buffer_get_int: buffer error
- Feb 25 16:42:14 ip-10-53-13-137 sshd[6490]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:42:14 ip-10-53-13-137 sshd[6490]: error: cannot write into audit
- Feb 25 16:42:14 ip-10-53-13-137 sshd[6490]: error: cannot write into audit
- Feb 25 16:42:14 ip-10-53-13-137 sshd[6491]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:42:26 ip-10-53-13-137 sshd[6493]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:42:26 ip-10-53-13-137 sshd[6493]: fatal: buffer_get_int: buffer error
- Feb 25 16:42:26 ip-10-53-13-137 sshd[6493]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:42:26 ip-10-53-13-137 sshd[6493]: error: cannot write into audit
- Feb 25 16:42:26 ip-10-53-13-137 sshd[6493]: error: cannot write into audit
- Feb 25 16:42:26 ip-10-53-13-137 sshd[6494]: fatal: mm_request_send: write: Broken pipe
- Feb 25 16:42:38 ip-10-53-13-137 sshd[6495]: error: buffer_get_ret: trying to get more bytes 4 than in buffer 0
- Feb 25 16:42:38 ip-10-53-13-137 sshd[6495]: fatal: buffer_get_int: buffer error
- Feb 25 16:42:38 ip-10-53-13-137 sshd[6495]: PAM audit_log_acct_message() failed: Operation not permitted
- Feb 25 16:42:38 ip-10-53-13-137 sshd[6495]: error: cannot write into audit
- Feb 25 16:42:38 ip-10-53-13-137 sshd[6495]: error: cannot write into audit
- Feb 25 16:42:38 ip-10-53-13-137 sshd[6496]: fatal: mm_request_send: write: Broken pipe
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement