May 7 13:40:01 mygentoo CROND[4347]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
May 7 13:40:22 mygentoo su[4436]: Successful su for root by josephlaptop
May 7 13:40:22 mygentoo su[4436]: + /dev/pts/0 josephlaptop:root
May 7 13:40:22 mygentoo su[4436]: pam_unix(su:session): session opened for user root by (uid=1000)
May 7 13:45:13 mygentoo su[4436]: pam_unix(su:session): session closed for user root
May 7 13:45:14 mygentoo login[4202]: pam_unix(login:session): session closed for user josephlaptop
May 7 13:45:38 mygentoo login[5268]: pam_unix(login:session): session opened for user josephlaptop by LOGIN(uid=0)
May 7 13:45:47 mygentoo su[5390]: Successful su for root by josephlaptop
May 7 13:45:47 mygentoo su[5390]: + /dev/pts/0 josephlaptop:root
May 7 13:45:47 mygentoo su[5390]: pam_unix(su:session): session opened for user root by (uid=1000)
May 7 13:50:01 mygentoo CROND[7282]: (root) CMD (/usr/lib64/sa/sa1 1 1)
May 7 13:50:01 mygentoo CROND[7281]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
May 7 13:52:04 mygentoo kernel: perf: interrupt took too long (2508 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
May 7 13:54:01 mygentoo kernel: wlp2s0: authenticate with a0:91:69:d7:f6:bd
May 7 13:54:01 mygentoo kernel: wlp2s0: send auth to a0:91:69:d7:f6:bd (try 1/3)
May 7 13:54:01 mygentoo kernel: wlp2s0: authenticated
May 7 13:54:01 mygentoo kernel: wlp2s0: associate with a0:91:69:d7:f6:bd (try 1/3)
May 7 13:54:01 mygentoo kernel: wlp2s0: RX AssocResp from a0:91:69:d7:f6:bd (capab=0x8431 status=0 aid=2)
May 7 13:54:01 mygentoo kernel: wlp2s0: associated
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: carrier acquired
May 7 13:54:01 mygentoo kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
May 7 13:54:01 mygentoo wpa_cli[8614]: interface wlp2s0 CONNECTED
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: adding address fe80::cae6:4ae2:97b3:1111
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: IAID d6:cc:fb:3a
May 7 13:54:01 mygentoo dhcpcd[8752]: sending commands to master dhcpcd process
May 7 13:54:01 mygentoo dhcpcd[3920]: control command: dhcpcd -m 2003 wlp2s0
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: soliciting an IPv6 router
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: soliciting a DHCP lease
May 7 13:54:02 mygentoo snort[8870]: Found pid path directive (/var/run/snort)
May 7 13:54:02 mygentoo snort[8870]: Running in IDS mode
May 7 13:54:02 mygentoo snort[8870]:
May 7 13:54:02 mygentoo snort[8870]: --== Initializing Snort ==--
May 7 13:54:02 mygentoo snort[8870]: Initializing Output Plugins!
May 7 13:54:02 mygentoo snort[8870]: Initializing Preprocessors!
May 7 13:54:02 mygentoo snort[8870]: Initializing Plug-ins!
May 7 13:54:02 mygentoo snort[8870]: Parsing Rules file "/etc/snort/snort.conf"
May 7 13:54:03 mygentoo snort[8870]: PortVar 'HTTP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'SHELLCODE_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 0:79 81:65535 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'ORACLE_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 1024:65535 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'SSH_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 22 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'FTP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 21 2100 3535 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'SIP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 5060:5061 5600 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'FILE_DATA_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'GTP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 2123 2152 3386 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: Detection:
May 7 13:54:03 mygentoo snort[8870]: Search-Method = AC-Full-Q
May 7 13:54:03 mygentoo snort[8870]: Split Any/Any group = enabled
May 7 13:54:03 mygentoo snort[8870]: Search-Method-Optimizations = enabled
May 7 13:54:03 mygentoo snort[8870]: Maximum pattern length = 20
May 7 13:54:03 mygentoo snort[8870]: Found pid path directive (/var/run/snort)
May 7 13:54:03 mygentoo snort[8870]: Tagged Packet Limit: 256
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic engine /usr/lib64/snort_dynamicengine/libsf_engine.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading all dynamic detection libs from /usr/lib64/snort_dynamicrules...
May 7 13:54:03 mygentoo snort[8870]: WARNING: No dynamic libraries found in directory /usr/lib64/snort_dynamicrules.
May 7 13:54:03 mygentoo snort[8870]: Finished Loading all dynamic detection libs from /usr/lib64/snort_dynamicrules
May 7 13:54:03 mygentoo snort[8870]: Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor...
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dce2_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_gtp_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_pop_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dns_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssl_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssh_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_imap_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_sip_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dnp3_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_sdf_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_smtp_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_reputation_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_modbus_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Finished Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor
May 7 13:54:03 mygentoo snort[8870]: Log directory = /var/log/snort/
May 7 13:54:03 mygentoo snort[8870]: WARNING: ip4 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: tcp normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: icmp4 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: ip6 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: icmp6 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: Frag3 global config:
May 7 13:54:03 mygentoo snort[8870]: Max frags: 65536
May 7 13:54:03 mygentoo snort[8870]: Fragment memory cap: 4194304 bytes
May 7 13:54:03 mygentoo snort[8870]: Frag3 engine config:
May 7 13:54:03 mygentoo snort[8870]: Bound Address: default
May 7 13:54:03 mygentoo snort[8870]: Target-based policy: WINDOWS
May 7 13:54:03 mygentoo snort[8870]: Fragment timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: Fragment min_ttl: 1
May 7 13:54:03 mygentoo snort[8870]: Fragment Anomalies: Alert
May 7 13:54:03 mygentoo snort[8870]: Overlap Limit: 10
May 7 13:54:03 mygentoo snort[8870]: Min fragment Length: 100
May 7 13:54:03 mygentoo snort[8870]: Max Expected Streams: 768
May 7 13:54:03 mygentoo snort[8870]: Stream global config:
May 7 13:54:03 mygentoo snort[8870]: Track TCP sessions: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Max TCP sessions: 262144
May 7 13:54:03 mygentoo snort[8870]: TCP cache pruning timeout: 30 seconds
May 7 13:54:03 mygentoo snort[8870]: TCP cache nominal timeout: 3600 seconds
May 7 13:54:03 mygentoo snort[8870]: Memcap (for reassembly packet storage): 8388608
May 7 13:54:03 mygentoo snort[8870]: Track UDP sessions: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Max UDP sessions: 131072
May 7 13:54:03 mygentoo snort[8870]: UDP cache pruning timeout: 30 seconds
May 7 13:54:03 mygentoo snort[8870]: UDP cache nominal timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: Track ICMP sessions: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Track IP sessions: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Log info if session memory consumption exceeds 1048576
May 7 13:54:03 mygentoo snort[8870]: Send up to 2 active responses
May 7 13:54:03 mygentoo snort[8870]: Wait at least 5 seconds between responses
May 7 13:54:03 mygentoo snort[8870]: Protocol Aware Flushing: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Maximum Flush Point: 16000
May 7 13:54:03 mygentoo snort[8870]: Stream TCP Policy config:
May 7 13:54:03 mygentoo snort[8870]: Bound Address: default
May 7 13:54:03 mygentoo snort[8870]: Reassembly Policy: WINDOWS
May 7 13:54:03 mygentoo snort[8870]: Timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: Limit on TCP Overlaps: 10
May 7 13:54:03 mygentoo snort[8870]: Maximum number of bytes to queue per session: 1048576
May 7 13:54:03 mygentoo snort[8870]: Maximum number of segs to queue per session: 2621
May 7 13:54:03 mygentoo snort[8870]: Options:
May 7 13:54:03 mygentoo snort[8870]: Require 3-Way Handshake: YES
May 7 13:54:03 mygentoo snort[8870]: 3-Way Handshake Timeout: 180
May 7 13:54:03 mygentoo snort[8870]: Detect Anomalies: YES
May 7 13:54:03 mygentoo snort[8870]: Reassembly Ports:
May 7 13:54:03 mygentoo snort[8870]: 21 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 22 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 23 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 25 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 42 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 53 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 79 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 80 client (Footprint) server (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 81 client (Footprint) server (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 109 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 110 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 111 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 113 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 119 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 135 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 136 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 137 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 139 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 143 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 161 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: additional ports configured but not printed.
May 7 13:54:03 mygentoo snort[8870]: Stream UDP Policy config:
May 7 13:54:03 mygentoo snort[8870]: Timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: HttpInspect Config:
May 7 13:54:03 mygentoo snort[8870]: GLOBAL CONFIG
May 7 13:54:03 mygentoo snort[8870]: Detect Proxy Usage: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map Filename: /etc/snort/unicode.map
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map Codepage: 1252
May 7 13:54:03 mygentoo snort[8870]: Memcap used for logging URI and Hostname: 150994944
May 7 13:54:03 mygentoo snort[8870]: Max Gzip Memory: 838860
May 7 13:54:03 mygentoo snort[8870]: Max Gzip Sessions: 1613
May 7 13:54:03 mygentoo snort[8870]: Gzip Compress Depth: 65535
May 7 13:54:03 mygentoo snort[8870]: Gzip Decompress Depth: 65535
May 7 13:54:03 mygentoo snort[8870]: DEFAULT SERVER CONFIG:
May 7 13:54:03 mygentoo snort[8870]: Server profile: All
May 7 13:54:03 mygentoo snort[8870]: Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555
May 7 13:54:03 mygentoo snort[8870]: Server Flow Depth: 0
May 7 13:54:03 mygentoo snort[8870]: Client Flow Depth: 0
May 7 13:54:03 mygentoo snort[8870]: Max Chunk Length: 500000
May 7 13:54:03 mygentoo snort[8870]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
May 7 13:54:03 mygentoo snort[8870]: Max Header Field Length: 750
May 7 13:54:03 mygentoo snort[8870]: Max Number Header Fields: 100
May 7 13:54:03 mygentoo snort[8870]: Max Number of WhiteSpaces allowed with header folding: 200
May 7 13:54:03 mygentoo snort[8870]: Inspect Pipeline Requests: YES
May 7 13:54:03 mygentoo snort[8870]: URI Discovery Strict Mode: NO
May 7 13:54:03 mygentoo snort[8870]: Allow Proxy Usage: NO
May 7 13:54:03 mygentoo snort[8870]: Disable Alerting: NO
May 7 13:54:03 mygentoo snort[8870]: Oversize Dir Length: 500
May 7 13:54:03 mygentoo snort[8870]: Only inspect URI: NO
May 7 13:54:03 mygentoo snort[8870]: Normalize HTTP Headers: NO
May 7 13:54:03 mygentoo snort[8870]: Inspect HTTP Cookies: YES
May 7 13:54:03 mygentoo snort[8870]: Inspect HTTP Responses: YES
May 7 13:54:03 mygentoo snort[8870]: Extract Gzip from responses: YES
May 7 13:54:03 mygentoo snort[8870]: Decompress response files:
May 7 13:54:03 mygentoo snort[8870]: Unlimited decompression of gzip data from responses: YES
May 7 13:54:03 mygentoo snort[8870]: Normalize Javascripts in HTTP Responses: YES
May 7 13:54:03 mygentoo snort[8870]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
May 7 13:54:03 mygentoo snort[8870]: Normalize HTTP Cookies: NO
May 7 13:54:03 mygentoo snort[8870]: Enable XFF and True Client IP: NO
May 7 13:54:03 mygentoo snort[8870]: Log HTTP URI data: NO
May 7 13:54:03 mygentoo snort[8870]: Log HTTP Hostname data: NO
May 7 13:54:03 mygentoo snort[8870]: Extended ASCII code support in URI: NO
May 7 13:54:03 mygentoo snort[8870]: Ascii: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Double Decoding: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: %U Encoding: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Bare Byte: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: UTF 8: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Multiple Slash: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Backslash: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Directory Traversal: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Web Root Traversal: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Apache WhiteSpace: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Delimiter: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
May 7 13:54:03 mygentoo snort[8870]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
May 7 13:54:03 mygentoo snort[8870]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
May 7 13:54:03 mygentoo snort[8870]: rpc_decode arguments:
May 7 13:54:03 mygentoo snort[8870]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
May 7 13:54:03 mygentoo snort[8870]: alert_fragments: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: alert_large_fragments: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: alert_incomplete: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: alert_multiple_requests: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: FTPTelnet Config:
May 7 13:54:03 mygentoo snort[8870]: GLOBAL CONFIG
May 7 13:54:03 mygentoo snort[8870]: Inspection Type: stateful
May 7 13:54:03 mygentoo snort[8870]: Check for Encrypted Traffic: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Continue to check encrypted data: YES
May 7 13:54:03 mygentoo snort[8870]: TELNET CONFIG:
May 7 13:54:03 mygentoo snort[8870]: Ports: 23
May 7 13:54:03 mygentoo snort[8870]: Are You There Threshold: 20
May 7 13:54:03 mygentoo snort[8870]: Normalize: YES
May 7 13:54:03 mygentoo snort[8870]: Detect Anomalies: YES
May 7 13:54:03 mygentoo snort[8870]: FTP CONFIG:
May 7 13:54:03 mygentoo snort[8870]: FTP Server: default
May 7 13:54:03 mygentoo snort[8870]: Ports (PAF): 21 2100 3535
May 7 13:54:03 mygentoo snort[8870]: Check for Telnet Cmds: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Ignore Telnet Cmd Operations: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Ignore open data channels: NO
May 7 13:54:03 mygentoo snort[8870]: FTP Client: default
May 7 13:54:03 mygentoo snort[8870]: Check for Bounce Attacks: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Check for Telnet Cmds: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Ignore Telnet Cmd Operations: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Max Response Length: 256
May 7 13:54:03 mygentoo snort[8870]: SMTP Config:
May 7 13:54:03 mygentoo snort[8870]: Ports: 25 465 587 691
May 7 13:54:03 mygentoo snort[8870]: Inspection Type: Stateful
May 7 13:54:03 mygentoo snort[8870]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT X-DRCP X-ERCP X-EXCH50
May 7 13:54:03 mygentoo snort[8870]: Ignore Data: No
May 7 13:54:03 mygentoo snort[8870]: Ignore TLS Data: No
May 7 13:54:03 mygentoo snort[8870]: Ignore SMTP Alerts: No
May 7 13:54:03 mygentoo snort[8870]: Max Command Line Length: 512
May 7 13:54:03 mygentoo snort[8870]: Max auth Command Line Length: 1000
May 7 13:54:03 mygentoo snort[8870]: Max Specific Command Line Length:
May 7 13:54:03 mygentoo snort[8870]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
May 7 13:54:03 mygentoo snort[8870]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
May 7 13:54:03 mygentoo snort[8870]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
May 7 13:54:03 mygentoo snort[8870]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
May 7 13:54:03 mygentoo snort[8870]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
May 7 13:54:03 mygentoo snort[8870]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
May 7 13:54:03 mygentoo snort[8870]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
May 7 13:54:03 mygentoo snort[8870]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
May 7 13:54:03 mygentoo snort[8870]: XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
May 7 13:54:03 mygentoo snort[8870]: XUSR:246
May 7 13:54:03 mygentoo snort[8870]: Max Header Line Length: 1000
May 7 13:54:03 mygentoo snort[8870]: Max Response Line Length: 512
May 7 13:54:03 mygentoo snort[8870]: X-Link2State Alert: Yes
May 7 13:54:03 mygentoo snort[8870]: Drop on X-Link2State Alert: No
May 7 13:54:03 mygentoo snort[8870]: Alert on commands: None
May 7 13:54:03 mygentoo snort[8870]: Alert on unknown commands: No
May 7 13:54:03 mygentoo snort[8870]: SMTP Memcap: 838860
May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Log Attachment filename: Enabled
May 7 13:54:03 mygentoo snort[8870]: Log MAIL FROM Address: Enabled
May 7 13:54:03 mygentoo snort[8870]: Log RCPT TO Addresses: Enabled
May 7 13:54:03 mygentoo snort[8870]: Log Email Headers: Enabled
May 7 13:54:03 mygentoo snort[8870]: Email Hdrs Log Depth: 1464
May 7 13:54:03 mygentoo snort[8870]: SSH config:
May 7 13:54:03 mygentoo snort[8870]: Autodetection: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Challenge-Response Overflow Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: SSH1 CRC32 Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Server Version String Overflow Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Protocol Mismatch Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Bad Message Direction Alert: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Bad Payload Size Alert: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Unrecognized Version Alert: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Max Encrypted Packets: 20
May 7 13:54:03 mygentoo snort[8870]: Max Server Version String Length: 100
May 7 13:54:03 mygentoo snort[8870]: MaxClientBytes: 19600 (Default)
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 22
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: DCE/RPC 2 Preprocessor Configuration
May 7 13:54:03 mygentoo snort[8870]: Global Configuration
May 7 13:54:03 mygentoo snort[8870]: DCE/RPC Defragmentation: Enabled
May 7 13:54:03 mygentoo snort[8870]: Memcap: 102400 KB
May 7 13:54:03 mygentoo snort[8870]: Events: co
May 7 13:54:03 mygentoo snort[8870]: SMB Fingerprint policy: Disabled
May 7 13:54:03 mygentoo snort[8870]: Server Default Configuration
May 7 13:54:03 mygentoo snort[8870]: Policy: WinXP
May 7 13:54:03 mygentoo snort[8870]: Detect ports (PAF)
May 7 13:54:03 mygentoo snort[8870]: SMB: 139 445
May 7 13:54:03 mygentoo snort[8870]: TCP: 135
May 7 13:54:03 mygentoo snort[8870]: UDP: 135
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP server: 593
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP proxy: None
May 7 13:54:03 mygentoo snort[8870]: Autodetect ports (PAF)
May 7 13:54:03 mygentoo snort[8870]: SMB: None
May 7 13:54:03 mygentoo snort[8870]: TCP: 1025-65535
May 7 13:54:03 mygentoo snort[8870]: UDP: 1025-65535
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP server: 1025-65535
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP proxy: None
May 7 13:54:03 mygentoo snort[8870]: Invalid SMB shares: C$ D$ ADMIN$
May 7 13:54:03 mygentoo snort[8870]: Maximum SMB command chaining: 3 commands
May 7 13:54:03 mygentoo snort[8870]: SMB file inspection: Disabled
May 7 13:54:03 mygentoo snort[8870]: DNS config:
May 7 13:54:03 mygentoo snort[8870]: DNS Client rdata txt Overflow Alert: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Obsolete DNS RR Types Alert: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Experimental DNS RR Types Alert: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 53
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: SSLPP config:
May 7 13:54:03 mygentoo snort[8870]: Encrypted packets: not inspected
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 443 465 563 636 989
May 7 13:54:03 mygentoo snort[8870]: 992 993 994 995 7801
May 7 13:54:03 mygentoo snort[8870]: 7802 7900 7901 7902 7903
May 7 13:54:03 mygentoo snort[8870]: 7904 7905 7906 7907 7908
May 7 13:54:03 mygentoo snort[8870]: 7909 7910 7911 7912 7913
May 7 13:54:03 mygentoo snort[8870]: 7914 7915 7916 7917 7918
May 7 13:54:03 mygentoo snort[8870]: 7919 7920
May 7 13:54:03 mygentoo snort[8870]: Server side data is trusted
May 7 13:54:03 mygentoo snort[8870]: Maximum SSL Heartbeat length: 0
May 7 13:54:03 mygentoo snort[8870]: Sensitive Data preprocessor config:
May 7 13:54:03 mygentoo snort[8870]: Global Alert Threshold: 25
May 7 13:54:03 mygentoo snort[8870]: Masked Output: DISABLED
May 7 13:54:03 mygentoo snort[8870]: SIP config:
May 7 13:54:03 mygentoo snort[8870]: Max number of sessions: 40000
May 7 13:54:03 mygentoo snort[8870]: Max number of dialogs in a session: 4 (Default)
May 7 13:54:03 mygentoo snort[8870]: Status: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Ignore media channel: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Max URI length: 512
May 7 13:54:03 mygentoo snort[8870]: Max Call ID length: 80
May 7 13:54:03 mygentoo snort[8870]: Max Request name length: 20 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max From length: 256 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max To length: 256 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max Via length: 1024 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max Contact length: 512
May 7 13:54:03 mygentoo snort[8870]: Max Content length: 2048
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 5060
May 7 13:54:03 mygentoo snort[8870]: 5061
May 7 13:54:03 mygentoo snort[8870]: 5600
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: Methods:
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: invite
May 7 13:54:03 mygentoo snort[8870]: cancel
May 7 13:54:03 mygentoo snort[8870]: ack
May 7 13:54:03 mygentoo snort[8870]: bye
May 7 13:54:03 mygentoo snort[8870]: register
May 7 13:54:03 mygentoo snort[8870]: options
May 7 13:54:03 mygentoo snort[8870]: refer
May 7 13:54:03 mygentoo snort[8870]: subscribe
May 7 13:54:03 mygentoo snort[8870]: update
May 7 13:54:03 mygentoo snort[8870]: join
May 7 13:54:03 mygentoo snort[8870]: info
May 7 13:54:03 mygentoo snort[8870]: message
May 7 13:54:03 mygentoo snort[8870]: notify
May 7 13:54:03 mygentoo snort[8870]: benotify
May 7 13:54:03 mygentoo snort[8870]: do
May 7 13:54:03 mygentoo snort[8870]: qauth
May 7 13:54:03 mygentoo snort[8870]: sprack
May 7 13:54:03 mygentoo snort[8870]: publish
May 7 13:54:03 mygentoo snort[8870]: service
May 7 13:54:03 mygentoo snort[8870]: unsubscribe
May 7 13:54:03 mygentoo snort[8870]: prack
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: IMAP Config:
May 7 13:54:03 mygentoo snort[8870]: Ports: 143
May 7 13:54:03 mygentoo snort[8870]: IMAP Memcap: 838860
May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: POP Config:
May 7 13:54:03 mygentoo snort[8870]: Ports: 110
May 7 13:54:03 mygentoo snort[8870]: POP Memcap: 838860
May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Modbus config:
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 502
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: DNP3 config:
May 7 13:54:03 mygentoo snort[8870]: Memcap: 262144
May 7 13:54:03 mygentoo snort[8870]: Check Link-Layer CRCs: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 20000
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: Reputation config:
May 7 13:54:03 mygentoo snort[8870]: WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
May 7 13:54:03 mygentoo snort[8870]: Initializing rule chains...
May 7 13:54:03 mygentoo snort[8870]: 434 Snort rules read
May 7 13:54:03 mygentoo snort[8870]: 4 detection rules
May 7 13:54:03 mygentoo snort[8870]: 153 decoder rules
May 7 13:54:03 mygentoo snort[8870]: 277 preprocessor rules
May 7 13:54:03 mygentoo snort[8870]: 434 Option Chains linked into 2 Chain Headers
May 7 13:54:03 mygentoo snort[8870]: 0 Dynamic rules
May 7 13:54:03 mygentoo snort[8870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +-------------------[Rule Port Counts]---------------------------------------
May 7 13:54:03 mygentoo snort[8870]: | tcp udp icmp ip
May 7 13:54:03 mygentoo snort[8870]: | src 0 0 0 0
May 7 13:54:03 mygentoo snort[8870]: | dst 4 0 0 0
May 7 13:54:03 mygentoo snort[8870]: | any 430 0 0 0
May 7 13:54:03 mygentoo snort[8870]: | nc 434 0 0 0
May 7 13:54:03 mygentoo snort[8870]: | s+d 0 0 0 0
May 7 13:54:03 mygentoo snort[8870]: +----------------------------------------------------------------------------
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[detection-filter-config]------------------------------
May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[detection-filter-rules]-------------------------------
May 7 13:54:03 mygentoo snort[8870]: | none
May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[rate-filter-config]-----------------------------------
May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[rate-filter-rules]------------------------------------
May 7 13:54:03 mygentoo snort[8870]: | none
May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-config]----------------------------------
May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-global]----------------------------------
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-local]-----------------------------------
May 7 13:54:03 mygentoo snort[8870]: | none
May 7 13:54:03 mygentoo snort[8870]: +-----------------------[suppression]------------------------------------------
May 7 13:54:03 mygentoo snort[8870]: | none
May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
May 7 13:54:03 mygentoo snort[8870]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
May 7 13:54:03 mygentoo snort[8870]: Verifying Preprocessor Configurations!
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: [ Port Based Pattern Matching Memory ]
May 7 13:54:03 mygentoo snort[8870]: [ Number of patterns truncated to 20 bytes: 0 ]
May 7 13:54:03 mygentoo snort[8870]: pcap DAQ configured to passive.
May 7 13:54:03 mygentoo snort[8870]: Acquiring network traffic from "wlp2s0".
May 7 13:54:03 mygentoo snort[8870]: Initializing daemon mode
May 7 13:54:03 mygentoo snort[8878]: Daemon initialized, signaled parent pid: 8870
May 7 13:54:03 mygentoo snort[8878]: Reload thread starting...
May 7 13:54:03 mygentoo snort[8878]: Reload thread started, thread 0x7f274a4b2700 (8879)
May 7 13:54:03 mygentoo kernel: device wlp2s0 entered promiscuous mode
May 7 13:54:03 mygentoo snort[8878]: Decoding Ethernet
May 7 13:54:03 mygentoo snort[8878]: Set gid to 104
May 7 13:54:03 mygentoo snort[8878]: Set uid to 103
May 7 13:54:03 mygentoo snort[8878]: Checking PID path...
May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/run/snort is invalid, trying /var/run... May 7 13:54:03 mygentoo snort[8878]: Previous Error, errno=13, (Permission denied) May 7 13:54:03 mygentoo snort[8878]: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ... May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort/). May 7 13:54:03 mygentoo snort[8878]: Writing PID "8878" to file "/var/log/snort///snort_wlp2s0.pid" May 7 13:54:03 mygentoo snort[8878]: May 7 13:54:03 mygentoo snort[8878]: --== Initialization Complete ==-- May 7 13:54:03 mygentoo snort[8878]: May 7 13:54:03 mygentoo snort[8878]: ,,_ -*> Snort! <*- May 7 13:54:03 mygentoo snort[8878]: o" )~ Version 2.9.8.3 GRE (Build 383) May 7 13:54:03 mygentoo snort[8878]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team May 7 13:54:03 mygentoo snort[8878]: Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved. May 7 13:54:03 mygentoo snort[8878]: Copyright (C) 1998-2013 Sourcefire, Inc., et al. 
May 7 13:54:03 mygentoo snort[8878]: Using libpcap version 1.8.1 May 7 13:54:03 mygentoo snort[8878]: Using PCRE version: 8.41 2017-07-05 May 7 13:54:03 mygentoo snort[8878]: Using ZLIB version: 1.2.11 May 7 13:54:03 mygentoo snort[8878]: May 7 13:54:03 mygentoo snort[8878]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.6 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_MODBUS Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_REPUTATION Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SMTP Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SDF Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DNP3 Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SIP Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_IMAP Version 1.0 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SSH Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SSLPP Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DNS Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_POP Version 1.0 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_GTP Version 1.1 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_FTPTELNET Version 1.2 May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DCERPC2 Version 1.0 May 7 13:54:03 mygentoo snort[8878]: Commencing packet processing (pid=8878) May 7 13:54:04 mygentoo dhcpcd[3920]: wlp2s0: offered 192.168.43.166 from 192.168.43.1 May 7 13:54:04 mygentoo dhcpcd[3920]: wlp2s0: probing address 192.168.43.166/24 May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: leased 192.168.43.166 for 7200 seconds May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: adding route to 192.168.43.0/24 May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: adding default route via 192.168.43.1 May 7 13:54:14 mygentoo dhcpcd[3920]: wlp2s0: no IPv6 Routers available May 7 
13:57:05 mygentoo kernel: perf: interrupt took too long (3136 > 3135), lowering kernel.perf_event_max_sample_rate to 63000 May 7 13:59:01 mygentoo CROND[10232]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly) May 7 14:00:01 mygentoo CROND[10642]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 14:00:01 mygentoo CROND[10641]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 14:05:15 mygentoo kernel: perf: interrupt took too long (3924 > 3920), lowering kernel.perf_event_max_sample_rate to 50000 May 7 14:10:01 mygentoo CROND[14516]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 14:10:01 mygentoo CROND[14515]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 14:20:01 mygentoo CROND[17810]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 14:20:01 mygentoo CROND[17811]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 14:30:01 mygentoo CROND[19819]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 14:30:01 mygentoo CROND[19820]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 14:40:01 mygentoo CROND[21835]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 14:40:01 mygentoo CROND[21836]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 14:46:19 mygentoo su[23087]: Successful su for root by josephlaptop May 7 14:46:19 mygentoo su[23087]: + /dev/pts/1 josephlaptop:root May 7 14:46:19 mygentoo su[23087]: pam_unix(su:session): session opened for user root by (uid=1000) May 7 14:50:01 mygentoo CROND[23853]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 14:50:01 mygentoo CROND[23852]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 14:59:01 mygentoo CROND[25672]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly) May 7 15:00:01 mygentoo CROND[25877]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 15:00:01 mygentoo CROND[25878]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 15:10:01 mygentoo CROND[27879]: (root) CMD (test -x /usr/sbin/run-crons && 
/usr/sbin/run-crons) May 7 15:10:01 mygentoo CROND[27878]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 15:20:01 mygentoo CROND[29883]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 15:20:01 mygentoo CROND[29884]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 15:30:01 mygentoo CROND[31886]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 15:30:01 mygentoo CROND[31887]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 15:40:01 mygentoo CROND[1429]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 15:40:01 mygentoo CROND[1430]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 15:50:01 mygentoo CROND[3480]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 15:50:01 mygentoo CROND[3481]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 15:55:48 mygentoo su[4670]: Successful su for root by josephlaptop May 7 15:55:48 mygentoo su[4670]: + /dev/pts/2 josephlaptop:root May 7 15:55:48 mygentoo su[4670]: pam_unix(su:session): session opened for user root by (uid=1000) May 7 15:59:01 mygentoo CROND[15958]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly) May 7 16:00:01 mygentoo CROND[16161]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 16:00:01 mygentoo CROND[16162]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 16:10:01 mygentoo CROND[29710]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons) May 7 16:10:01 mygentoo CROND[29711]: (root) CMD (/usr/lib64/sa/sa1 1 1) May 7 16:11:13 mygentoo kernel: perf: interrupt took too long (4907 > 4905), lowering kernel.perf_event_max_sample_rate to 40000 May 7 16:17:14 mygentoo su[23087]: pam_unix(su:session): session closed for user root