root@demo:~# tail -n 100 /var/log/auth.logMay 22 14:36:18 demo sshd[6242]: pam

1. root@demo:~# tail -n 100 /var/log/auth.log
2. May 22 14:36:18 demo sshd[6242]: pam_unix(sshd:session): session opened for user ivan by (uid=0)
3. May 22 14:36:18 demo sshd[6240]: Failed password for root from 58.218.204.46 port 42976 ssh2
4. May 22 14:36:21 demo sshd[6240]: Failed password for root from 58.218.204.46 port 42976 ssh2
5. May 22 14:36:21 demo sshd[6240]: Received disconnect from 58.218.204.46: 11: [preauth]
6. May 22 14:36:21 demo sshd[6240]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
7. May 22 14:36:24 demo sshd[6293]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
8. May 22 14:36:26 demo sshd[6293]: Failed password for root from 58.218.204.46 port 36969 ssh2
9. May 22 14:36:29 demo sshd[6293]: Failed password for root from 58.218.204.46 port 36969 ssh2
10. May 22 14:36:36 demo sshd[6293]: Failed password for root from 58.218.204.46 port 36969 ssh2
11. May 22 14:36:36 demo sshd[6293]: Received disconnect from 58.218.204.46: 11: [preauth]
12. May 22 14:36:36 demo sshd[6293]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
13. May 22 14:36:39 demo sshd[6309]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
14. May 22 14:36:41 demo sshd[6309]: Failed password for root from 58.218.204.46 port 33589 ssh2
15. May 22 14:36:42 demo sshd[6309]: Failed password for root from 58.218.204.46 port 33589 ssh2
16. May 22 14:36:45 demo sshd[6309]: Failed password for root from 58.218.204.46 port 33589 ssh2
17. May 22 14:36:46 demo sshd[6309]: Received disconnect from 58.218.204.46: 11: [preauth]
18. May 22 14:36:46 demo sshd[6309]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
19. May 22 14:36:49 demo sshd[6314]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
20. May 22 14:36:51 demo sshd[6314]: Failed password for root from 58.218.204.46 port 51686 ssh2
21. May 22 14:36:53 demo sshd[6314]: Failed password for root from 58.218.204.46 port 51686 ssh2
22. May 22 14:36:56 demo sshd[6314]: Failed password for root from 58.218.204.46 port 51686 ssh2
23. May 22 14:36:57 demo sshd[6314]: Received disconnect from 58.218.204.46: 11: [preauth]
24. May 22 14:36:57 demo sshd[6314]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
25. May 22 14:37:08 demo sshd[6319]: Received disconnect from 58.218.204.46: 11: [preauth]
26. May 22 14:37:11 demo sshd[6323]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
27. May 22 14:37:13 demo sshd[6323]: Failed password for root from 58.218.204.46 port 56861 ssh2
28. May 22 14:37:15 demo sshd[6323]: Failed password for root from 58.218.204.46 port 56861 ssh2
29. May 22 14:37:17 demo sshd[6323]: Failed password for root from 58.218.204.46 port 56861 ssh2
30. May 22 14:37:18 demo sshd[6323]: Received disconnect from 58.218.204.46: 11: [preauth]
31. May 22 14:37:18 demo sshd[6323]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
32. May 22 14:37:21 demo sshd[6327]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
33. May 22 14:37:23 demo sshd[6327]: Failed password for root from 58.218.204.46 port 48116 ssh2
34. May 22 14:37:25 demo sshd[6327]: Failed password for root from 58.218.204.46 port 48116 ssh2
35. May 22 14:37:27 demo sshd[6327]: Failed password for root from 58.218.204.46 port 48116 ssh2
36. May 22 14:37:28 demo sshd[6327]: Received disconnect from 58.218.204.46: 11: [preauth]
37. May 22 14:37:28 demo sshd[6327]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
38. May 22 14:37:33 demo sshd[6332]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
39. May 22 14:37:35 demo sshd[6332]: Failed password for root from 58.218.204.46 port 40678 ssh2
40. May 22 14:37:39 demo sshd[6332]: Failed password for root from 58.218.204.46 port 40678 ssh2
41. May 22 14:37:41 demo sshd[6332]: Failed password for root from 58.218.204.46 port 40678 ssh2
42. May 22 14:37:41 demo sshd[6332]: Received disconnect from 58.218.204.46: 11: [preauth]
43. May 22 14:37:41 demo sshd[6332]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
44. May 22 14:37:43 demo sshd[6336]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
45. May 22 14:37:45 demo sshd[6336]: Failed password for root from 58.218.204.46 port 39637 ssh2
46. May 22 14:37:47 demo sshd[6336]: Failed password for root from 58.218.204.46 port 39637 ssh2
47. May 22 14:37:49 demo sshd[6336]: Failed password for root from 58.218.204.46 port 39637 ssh2
48. May 22 14:37:50 demo sshd[6336]: Received disconnect from 58.218.204.46: 11: [preauth]
49. May 22 14:37:50 demo sshd[6336]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
50. May 22 14:37:52 demo sshd[6340]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
51. May 22 14:37:54 demo sshd[6340]: Failed password for root from 58.218.204.46 port 57254 ssh2
52. May 22 14:37:57 demo sshd[6340]: Failed password for root from 58.218.204.46 port 57254 ssh2
53. May 22 14:37:59 demo sshd[6340]: Failed password for root from 58.218.204.46 port 57254 ssh2
54. May 22 14:38:00 demo sshd[6340]: Received disconnect from 58.218.204.46: 11: [preauth]
55. May 22 14:38:00 demo sshd[6340]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
56. May 22 14:38:03 demo sshd[6344]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
57. May 22 14:38:06 demo sshd[6344]: Failed password for root from 58.218.204.46 port 49478 ssh2
58. May 22 14:38:08 demo sshd[6344]: Failed password for root from 58.218.204.46 port 49478 ssh2
59. May 22 14:38:12 demo sshd[6344]: Failed password for root from 58.218.204.46 port 49478 ssh2
60. May 22 14:38:12 demo sshd[6344]: Received disconnect from 58.218.204.46: 11: [preauth]
61. May 22 14:38:12 demo sshd[6344]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
62. May 22 14:38:16 demo sshd[6348]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
63. May 22 14:38:18 demo sshd[6348]: Failed password for root from 58.218.204.46 port 44746 ssh2
64. May 22 14:38:20 demo sshd[6348]: Failed password for root from 58.218.204.46 port 44746 ssh2
65. May 22 14:38:22 demo sshd[6348]: Failed password for root from 58.218.204.46 port 44746 ssh2
66. May 22 14:38:22 demo sshd[6348]: Received disconnect from 58.218.204.46: 11: [preauth]
67. May 22 14:38:22 demo sshd[6348]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
68. May 22 14:38:24 demo sshd[6352]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
69. May 22 14:38:26 demo sshd[6352]: Failed password for root from 58.218.204.46 port 38519 ssh2
70. May 22 14:38:29 demo sshd[6352]: Failed password for root from 58.218.204.46 port 38519 ssh2
71. May 22 14:38:31 demo sshd[6352]: Failed password for root from 58.218.204.46 port 38519 ssh2
72. May 22 14:38:31 demo sshd[6352]: Received disconnect from 58.218.204.46: 11: [preauth]
73. May 22 14:38:31 demo sshd[6352]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
74. May 22 14:38:33 demo sshd[6356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
75. May 22 14:38:35 demo sshd[6356]: Failed password for root from 58.218.204.46 port 59068 ssh2
76. May 22 14:38:38 demo sshd[6356]: Failed password for root from 58.218.204.46 port 59068 ssh2
77. May 22 14:38:40 demo sshd[6356]: Failed password for root from 58.218.204.46 port 59068 ssh2
78. May 22 14:38:41 demo sshd[6356]: Received disconnect from 58.218.204.46: 11: [preauth]
79. May 22 14:38:41 demo sshd[6356]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=58.218.204.46 user=root
80. May 22 14:39:01 demo CRON[6364]: pam_unix(cron:session): session opened for user root by (uid=0)
81. May 22 14:39:01 demo CRON[6364]: pam_unix(cron:session): session closed for user root
82. May 22 14:39:54 demo sshd[5000]: pam_unix(sshd:session): session closed for user root
83. May 22 14:43:50 demo sshd[6493]: Invalid user jannine from 191.237.2.80
84. May 22 14:43:50 demo sshd[6493]: input_userauth_request: invalid user jannine [preauth]
85. May 22 14:43:50 demo sshd[6493]: pam_unix(sshd:auth): check pass; user unknown
86. May 22 14:43:50 demo sshd[6493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=191.237.2.80
87. May 22 14:43:51 demo sshd[6493]: Failed password for invalid user jannine from 191.237.2.80 port 20808 ssh2
88. May 22 14:43:52 demo sshd[6493]: Connection closed by 191.237.2.80 [preauth]
89. May 22 14:44:18 demo su[6501]: Successful su for root by www-data
90. May 22 14:44:18 demo su[6501]: + /dev/pts/3 www-data:root
91. May 22 14:44:18 demo su[6501]: pam_unix(su:session): session opened for user root by (uid=33)
92. May 22 14:45:10 demo sshd[6513]: reverse mapping checking getaddrinfo for 134-249-142-57-gprs.kyivstar.net [134.249.142.57] failed - POSSIBLE BREAK-IN ATTEMPT!
93. May 22 14:45:10 demo sshd[6513]: Accepted publickey for root from 134.249.142.57 port 53500 ssh2
94. May 22 14:45:10 demo sshd[6513]: pam_unix(sshd:session): session opened for user root by (uid=0)
95. May 22 14:45:10 demo su[6501]: pam_unix(su:session): session closed for user root
96. May 22 14:45:28 demo su[6563]: Successful su for root by ivan
97. May 22 14:45:28 demo su[6563]: + /dev/pts/2 ivan:root
98. May 22 14:45:28 demo su[6563]: pam_unix(su:session): session opened for user root by ivan(uid=33)
99. May 22 14:46:52 demo sshd[6599]: fatal: Missing privilege separation directory: /var/run/sshd
100. May 22 14:46:55 demo sshd[6602]: fatal: Missing privilege separation directory: /var/run/sshd
101. May 22 14:46:59 demo sshd[6603]: fatal: Missing privilege separation directory: /var/run/sshd