Is this a trace of an intrusion attempt?


Marsh Posté on 18-08-2004 at 09:27:38

/var/log/message
If so, what should I check?
 
...
15 04:02:01 machine prelude: rsend.c:sigpipe_handler:71 : (errno=Success) :
Aug 15 04:02:01 machine prelude: PID 30190 caught pipe signal.
Aug 15 04:02:01 machine prelude: 219314 packets received by filter. (prelude counted), will reset after 2e64-1.
Aug 15 04:02:01 machine prelude: 0 packets dropped by the kernel.
Aug 15 04:02:01 machine prelude: Average cpu time by packet : 0.000039s, 0.039122ms, 39.121989us.
Aug 15 04:02:01 machine prelude: Page reclaims = 543
Aug 15 04:02:01 machine prelude: Page faults = 4
Aug 15 04:02:01 machine prelude: Swap = 0
Aug 15 04:02:01 machine prelude: HttpMod
Aug 15 04:02:01 machine prelude: (infos=http) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 196793 time : 0.000003s average
Aug 15 04:02:01 machine prelude_report: closing local connection.
Aug 15 04:02:01 machine kernel: device eth0 left promiscuous mode
Aug 15 04:02:01 machine prelude: RpcMod
Aug 15 04:02:01 machine prelude: (infos=rpc) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 196793 time : 0.000001s average
Aug 15 04:02:01 machine prelude: TelnetMod
Aug 15 04:02:01 machine prelude: (infos=telnet) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 196793 time : 0.000001s average
Aug 15 04:02:01 machine prelude: ArpSpoof
Aug 15 04:02:01 machine prelude: (infos=ARP) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 3828 time : 0.000006s average
Aug 15 04:02:01 machine prelude: ScanDetect
Aug 15 04:02:01 machine prelude: (infos=TCP) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 207200 time : 0.000002s average
Aug 15 04:02:01 machine prelude: ScanDetect
Aug 15 04:02:01 machine prelude: (infos=UDP) :
Aug 15 04:02:01 machine prelude: ^I^I- plugin: called 8197 time : 0.000024s average
Aug 15 04:02:01 machine prelude: Asynchronous I/O subsystem flushed 0 alerts.
aoû 15 04:02:02 machine prelude: prelude shutdown succeeded
Aug 15 04:02:02 machine prelude_report: Caught signal 15.
aoû 15 04:02:02 machine prelude: prelude_report shutdown succeeded
Aug 15 04:02:02 machine prelude_report: - Initializing report plugins
Aug 15 04:02:02 machine prelude_report: ^IInitialized FileMod.
Aug 15 04:02:02 machine prelude_report: htmlmod.c:setup_htmldoc:90 : (errno=No such file or directory) :
Aug 15 04:02:02 machine prelude_report: couldn't delete /var/log/prelude/html/latest
Aug 15 04:02:02 machine prelude_report: ^IInitialized XmlMod.
Aug 15 04:02:02 machine prelude_report: - Starting Prelude Report as a daemon.
Aug 15 04:02:02 machine prelude_report: Daemon started, PID is 5060.
Aug 15 04:02:02 machine prelude_report: - Starting report server
Aug 15 04:02:02 machine prelude_report: ^IStarting Unix report server.
aoû 15 04:02:02 machine prelude: prelude_report startup succeeded
Aug 15 04:02:02 machine kernel: device eth0 entered promiscuous mode
Aug 15 04:02:02 machine prelude:  Prelude, (c) 1998 - 2001 Vandoorselaere Yoann. Developed under the GPL license.
Aug 15 04:02:02 machine prelude: - Initializing rules engine.
Aug 15 04:02:02 machine prelude: - Initializing protocols plugins.
Aug 15 04:02:02 machine prelude: ^I^IHttpMod subscribed for "http" protocol handling.
Aug 15 04:02:02 machine prelude: ^I^IRpcMod subscribed for "rpc" protocol handling.
Aug 15 04:02:02 machine prelude: ^I^ITelnetMod subscribed for "telnet" protocol handling.
Aug 15 04:02:02 machine prelude: - Initializing detections plugins.
Aug 15 04:02:02 machine prelude: ^I^IArpSpoof subscribing to : "[
Aug 15 04:02:02 machine prelude: ARP
Aug 15 04:02:02 machine prelude: ]".
Aug 15 04:02:02 machine prelude: ^I^IScanDetect subscribing to : "[
Aug 15 04:02:02 machine prelude: TCP
Aug 15 04:02:02 machine prelude: ,
Aug 15 04:02:02 machine prelude: UDP
Aug 15 04:02:02 machine prelude: ]".
Aug 15 04:02:02 machine prelude: snort-rules.c:parse_signature_file:355 : (errno=No such file or directory) :
Aug 15 04:02:02 machine prelude: error opening '/etc/prelude/prelude.rules'.
Aug 15 04:02:02 machine prelude: ^I^ISignature engine added 0 and ignored 0 signature.
Aug 15 04:02:02 machine prelude: - Initializing Report Queue.
Aug 15 04:02:02 machine prelude: - Starting Prelude as a daemon.
Aug 15 04:02:02 machine prelude: Daemon started, PID is 5071.
Aug 15 04:02:02 machine prelude: - Initializing connection to report server.
Aug 15 04:02:02 machine prelude: ^I- Connecting to Unix prelude report server.
Aug 15 04:02:02 machine prelude_report: new local connection.
Aug 15 04:02:02 machine prelude: - Initializing packet capture
aoû 15 04:02:03 machine prelude: prelude startup succeeded
Aug 15 04:22:00 machine CROND[5184]: (root) CMD (run-parts /etc/cron.weekly)
Aug 15 04:22:00 machine anacron[5187]: Updated timestamp for job `cron.weekly' to 2004-08-15
Aug 15 04:36:59 machine dhcpd: if IN A xp2400.machine.cf rrset doesn't exist add 43200 IN A xp2400.machine.cf 192.168.0.141: timed out.
Aug 15 04:36:59 machine dhcpd: Wrote 75 leases to leases file.


Marsh Posté on 18-08-2004 at 09:31:18

Where would you see an intrusion attempt?
