spacepaste

May 7 13:40:01 mygentoo CROND[4347]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
May 7 13:40:22 mygentoo su[4436]: Successful su for root by josephlaptop
May 7 13:40:22 mygentoo su[4436]: + /dev/pts/0 josephlaptop:root
May 7 13:40:22 mygentoo su[4436]: pam_unix(su:session): session opened for user root by (uid=1000)
May 7 13:45:13 mygentoo su[4436]: pam_unix(su:session): session closed for user root
May 7 13:45:14 mygentoo login[4202]: pam_unix(login:session): session closed for user josephlaptop
May 7 13:45:38 mygentoo login[5268]: pam_unix(login:session): session opened for user josephlaptop by LOGIN(uid=0)
May 7 13:45:47 mygentoo su[5390]: Successful su for root by josephlaptop
May 7 13:45:47 mygentoo su[5390]: + /dev/pts/0 josephlaptop:root
May 7 13:45:47 mygentoo su[5390]: pam_unix(su:session): session opened for user root by (uid=1000)
May 7 13:50:01 mygentoo CROND[7282]: (root) CMD (/usr/lib64/sa/sa1 1 1)
May 7 13:50:01 mygentoo CROND[7281]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
May 7 13:52:04 mygentoo kernel: perf: interrupt took too long (2508 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
May 7 13:54:01 mygentoo kernel: wlp2s0: authenticate with a0:91:69:d7:f6:bd
May 7 13:54:01 mygentoo kernel: wlp2s0: send auth to a0:91:69:d7:f6:bd (try 1/3)
May 7 13:54:01 mygentoo kernel: wlp2s0: authenticated
May 7 13:54:01 mygentoo kernel: wlp2s0: associate with a0:91:69:d7:f6:bd (try 1/3)
May 7 13:54:01 mygentoo kernel: wlp2s0: RX AssocResp from a0:91:69:d7:f6:bd (capab=0x8431 status=0 aid=2)
May 7 13:54:01 mygentoo kernel: wlp2s0: associated
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: carrier acquired
May 7 13:54:01 mygentoo kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
May 7 13:54:01 mygentoo wpa_cli[8614]: interface wlp2s0 CONNECTED
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: adding address fe80::cae6:4ae2:97b3:1111
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: IAID d6:cc:fb:3a
May 7 13:54:01 mygentoo dhcpcd[8752]: sending commands to master dhcpcd process
May 7 13:54:01 mygentoo dhcpcd[3920]: control command: dhcpcd -m 2003 wlp2s0
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: soliciting an IPv6 router
May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: soliciting a DHCP lease
May 7 13:54:02 mygentoo snort[8870]: Found pid path directive (/var/run/snort)
May 7 13:54:02 mygentoo snort[8870]: Running in IDS mode
May 7 13:54:02 mygentoo snort[8870]:
May 7 13:54:02 mygentoo snort[8870]: --== Initializing Snort ==--
May 7 13:54:02 mygentoo snort[8870]: Initializing Output Plugins!
May 7 13:54:02 mygentoo snort[8870]: Initializing Preprocessors!
May 7 13:54:02 mygentoo snort[8870]: Initializing Plug-ins!
May 7 13:54:02 mygentoo snort[8870]: Parsing Rules file "/etc/snort/snort.conf"
May 7 13:54:03 mygentoo snort[8870]: PortVar 'HTTP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'SHELLCODE_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 0:79 81:65535 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'ORACLE_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 1024:65535 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'SSH_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 22 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'FTP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 21 2100 3535 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'SIP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 5060:5061 5600 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'FILE_DATA_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: PortVar 'GTP_PORTS' defined :
May 7 13:54:03 mygentoo snort[8870]: [ 2123 2152 3386 ]
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: Detection:
May 7 13:54:03 mygentoo snort[8870]: Search-Method = AC-Full-Q
May 7 13:54:03 mygentoo snort[8870]: Split Any/Any group = enabled
May 7 13:54:03 mygentoo snort[8870]: Search-Method-Optimizations = enabled
May 7 13:54:03 mygentoo snort[8870]: Maximum pattern length = 20
May 7 13:54:03 mygentoo snort[8870]: Found pid path directive (/var/run/snort)
May 7 13:54:03 mygentoo snort[8870]: Tagged Packet Limit: 256
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic engine /usr/lib64/snort_dynamicengine/libsf_engine.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading all dynamic detection libs from /usr/lib64/snort_dynamicrules...
May 7 13:54:03 mygentoo snort[8870]: WARNING: No dynamic libraries found in directory /usr/lib64/snort_dynamicrules.
May 7 13:54:03 mygentoo snort[8870]: Finished Loading all dynamic detection libs from /usr/lib64/snort_dynamicrules
May 7 13:54:03 mygentoo snort[8870]: Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor...
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dce2_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_gtp_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_pop_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dns_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssl_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssh_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_imap_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_sip_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dnp3_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_sdf_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_smtp_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_reputation_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_modbus_preproc.so...
May 7 13:54:03 mygentoo snort[8870]: done
May 7 13:54:03 mygentoo snort[8870]: Finished Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor
May 7 13:54:03 mygentoo snort[8870]: Log directory = /var/log/snort/
May 7 13:54:03 mygentoo snort[8870]: WARNING: ip4 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: tcp normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: icmp4 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: ip6 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: WARNING: icmp6 normalizations disabled because not inline.
May 7 13:54:03 mygentoo snort[8870]: Frag3 global config:
May 7 13:54:03 mygentoo snort[8870]: Max frags: 65536
May 7 13:54:03 mygentoo snort[8870]: Fragment memory cap: 4194304 bytes
May 7 13:54:03 mygentoo snort[8870]: Frag3 engine config:
May 7 13:54:03 mygentoo snort[8870]: Bound Address: default
May 7 13:54:03 mygentoo snort[8870]: Target-based policy: WINDOWS
May 7 13:54:03 mygentoo snort[8870]: Fragment timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: Fragment min_ttl: 1
May 7 13:54:03 mygentoo snort[8870]: Fragment Anomalies: Alert
May 7 13:54:03 mygentoo snort[8870]: Overlap Limit: 10
May 7 13:54:03 mygentoo snort[8870]: Min fragment Length: 100
May 7 13:54:03 mygentoo snort[8870]: Max Expected Streams: 768
May 7 13:54:03 mygentoo snort[8870]: Stream global config:
May 7 13:54:03 mygentoo snort[8870]: Track TCP sessions: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Max TCP sessions: 262144
May 7 13:54:03 mygentoo snort[8870]: TCP cache pruning timeout: 30 seconds
May 7 13:54:03 mygentoo snort[8870]: TCP cache nominal timeout: 3600 seconds
May 7 13:54:03 mygentoo snort[8870]: Memcap (for reassembly packet storage): 8388608
May 7 13:54:03 mygentoo snort[8870]: Track UDP sessions: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Max UDP sessions: 131072
May 7 13:54:03 mygentoo snort[8870]: UDP cache pruning timeout: 30 seconds
May 7 13:54:03 mygentoo snort[8870]: UDP cache nominal timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: Track ICMP sessions: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Track IP sessions: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Log info if session memory consumption exceeds 1048576
May 7 13:54:03 mygentoo snort[8870]: Send up to 2 active responses
May 7 13:54:03 mygentoo snort[8870]: Wait at least 5 seconds between responses
May 7 13:54:03 mygentoo snort[8870]: Protocol Aware Flushing: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Maximum Flush Point: 16000
May 7 13:54:03 mygentoo snort[8870]: Stream TCP Policy config:
May 7 13:54:03 mygentoo snort[8870]: Bound Address: default
May 7 13:54:03 mygentoo snort[8870]: Reassembly Policy: WINDOWS
May 7 13:54:03 mygentoo snort[8870]: Timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: Limit on TCP Overlaps: 10
May 7 13:54:03 mygentoo snort[8870]: Maximum number of bytes to queue per session: 1048576
May 7 13:54:03 mygentoo snort[8870]: Maximum number of segs to queue per session: 2621
May 7 13:54:03 mygentoo snort[8870]: Options:
May 7 13:54:03 mygentoo snort[8870]: Require 3-Way Handshake: YES
May 7 13:54:03 mygentoo snort[8870]: 3-Way Handshake Timeout: 180
May 7 13:54:03 mygentoo snort[8870]: Detect Anomalies: YES
May 7 13:54:03 mygentoo snort[8870]: Reassembly Ports:
May 7 13:54:03 mygentoo snort[8870]: 21 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 22 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 23 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 25 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 42 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 53 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 79 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 80 client (Footprint) server (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 81 client (Footprint) server (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 109 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 110 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 111 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 113 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 119 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 135 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 136 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 137 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 139 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 143 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: 161 client (Footprint)
May 7 13:54:03 mygentoo snort[8870]: additional ports configured but not printed.
May 7 13:54:03 mygentoo snort[8870]: Stream UDP Policy config:
May 7 13:54:03 mygentoo snort[8870]: Timeout: 180 seconds
May 7 13:54:03 mygentoo snort[8870]: HttpInspect Config:
May 7 13:54:03 mygentoo snort[8870]: GLOBAL CONFIG
May 7 13:54:03 mygentoo snort[8870]: Detect Proxy Usage: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map Filename: /etc/snort/unicode.map
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map Codepage: 1252
May 7 13:54:03 mygentoo snort[8870]: Memcap used for logging URI and Hostname: 150994944
May 7 13:54:03 mygentoo snort[8870]: Max Gzip Memory: 838860
May 7 13:54:03 mygentoo snort[8870]: Max Gzip Sessions: 1613
May 7 13:54:03 mygentoo snort[8870]: Gzip Compress Depth: 65535
May 7 13:54:03 mygentoo snort[8870]: Gzip Decompress Depth: 65535
May 7 13:54:03 mygentoo snort[8870]: DEFAULT SERVER CONFIG:
May 7 13:54:03 mygentoo snort[8870]: Server profile: All
May 7 13:54:03 mygentoo snort[8870]: Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555
May 7 13:54:03 mygentoo snort[8870]: Server Flow Depth: 0
May 7 13:54:03 mygentoo snort[8870]: Client Flow Depth: 0
May 7 13:54:03 mygentoo snort[8870]: Max Chunk Length: 500000
May 7 13:54:03 mygentoo snort[8870]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
May 7 13:54:03 mygentoo snort[8870]: Max Header Field Length: 750
May 7 13:54:03 mygentoo snort[8870]: Max Number Header Fields: 100
May 7 13:54:03 mygentoo snort[8870]: Max Number of WhiteSpaces allowed with header folding: 200
May 7 13:54:03 mygentoo snort[8870]: Inspect Pipeline Requests: YES
May 7 13:54:03 mygentoo snort[8870]: URI Discovery Strict Mode: NO
May 7 13:54:03 mygentoo snort[8870]: Allow Proxy Usage: NO
May 7 13:54:03 mygentoo snort[8870]: Disable Alerting: NO
May 7 13:54:03 mygentoo snort[8870]: Oversize Dir Length: 500
May 7 13:54:03 mygentoo snort[8870]: Only inspect URI: NO
May 7 13:54:03 mygentoo snort[8870]: Normalize HTTP Headers: NO
May 7 13:54:03 mygentoo snort[8870]: Inspect HTTP Cookies: YES
May 7 13:54:03 mygentoo snort[8870]: Inspect HTTP Responses: YES
May 7 13:54:03 mygentoo snort[8870]: Extract Gzip from responses: YES
May 7 13:54:03 mygentoo snort[8870]: Decompress response files:
May 7 13:54:03 mygentoo snort[8870]: Unlimited decompression of gzip data from responses: YES
May 7 13:54:03 mygentoo snort[8870]: Normalize Javascripts in HTTP Responses: YES
May 7 13:54:03 mygentoo snort[8870]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
May 7 13:54:03 mygentoo snort[8870]: Normalize HTTP Cookies: NO
May 7 13:54:03 mygentoo snort[8870]: Enable XFF and True Client IP: NO
May 7 13:54:03 mygentoo snort[8870]: Log HTTP URI data: NO
May 7 13:54:03 mygentoo snort[8870]: Log HTTP Hostname data: NO
May 7 13:54:03 mygentoo snort[8870]: Extended ASCII code support in URI: NO
May 7 13:54:03 mygentoo snort[8870]: Ascii: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Double Decoding: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: %U Encoding: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Bare Byte: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: UTF 8: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Multiple Slash: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Backslash: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Directory Traversal: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Web Root Traversal: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Apache WhiteSpace: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Delimiter: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
May 7 13:54:03 mygentoo snort[8870]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
May 7 13:54:03 mygentoo snort[8870]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
May 7 13:54:03 mygentoo snort[8870]: rpc_decode arguments:
May 7 13:54:03 mygentoo snort[8870]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
May 7 13:54:03 mygentoo snort[8870]: alert_fragments: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: alert_large_fragments: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: alert_incomplete: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: alert_multiple_requests: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: FTPTelnet Config:
May 7 13:54:03 mygentoo snort[8870]: GLOBAL CONFIG
May 7 13:54:03 mygentoo snort[8870]: Inspection Type: stateful
May 7 13:54:03 mygentoo snort[8870]: Check for Encrypted Traffic: YES alert: NO
May 7 13:54:03 mygentoo snort[8870]: Continue to check encrypted data: YES
May 7 13:54:03 mygentoo snort[8870]: TELNET CONFIG:
May 7 13:54:03 mygentoo snort[8870]: Ports: 23
May 7 13:54:03 mygentoo snort[8870]: Are You There Threshold: 20
May 7 13:54:03 mygentoo snort[8870]: Normalize: YES
May 7 13:54:03 mygentoo snort[8870]: Detect Anomalies: YES
May 7 13:54:03 mygentoo snort[8870]: FTP CONFIG:
May 7 13:54:03 mygentoo snort[8870]: FTP Server: default
May 7 13:54:03 mygentoo snort[8870]: Ports (PAF): 21 2100 3535
May 7 13:54:03 mygentoo snort[8870]: Check for Telnet Cmds: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Ignore Telnet Cmd Operations: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Ignore open data channels: NO
May 7 13:54:03 mygentoo snort[8870]: FTP Client: default
May 7 13:54:03 mygentoo snort[8870]: Check for Bounce Attacks: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Check for Telnet Cmds: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Ignore Telnet Cmd Operations: YES alert: YES
May 7 13:54:03 mygentoo snort[8870]: Max Response Length: 256
May 7 13:54:03 mygentoo snort[8870]: SMTP Config:
May 7 13:54:03 mygentoo snort[8870]: Ports: 25 465 587 691
May 7 13:54:03 mygentoo snort[8870]: Inspection Type: Stateful
May 7 13:54:03 mygentoo snort[8870]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT X-DRCP X-ERCP X-EXCH50
May 7 13:54:03 mygentoo snort[8870]: Ignore Data: No
May 7 13:54:03 mygentoo snort[8870]: Ignore TLS Data: No
May 7 13:54:03 mygentoo snort[8870]: Ignore SMTP Alerts: No
May 7 13:54:03 mygentoo snort[8870]: Max Command Line Length: 512
May 7 13:54:03 mygentoo snort[8870]: Max auth Command Line Length: 1000
May 7 13:54:03 mygentoo snort[8870]: Max Specific Command Line Length:
May 7 13:54:03 mygentoo snort[8870]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
May 7 13:54:03 mygentoo snort[8870]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
May 7 13:54:03 mygentoo snort[8870]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
May 7 13:54:03 mygentoo snort[8870]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
May 7 13:54:03 mygentoo snort[8870]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
May 7 13:54:03 mygentoo snort[8870]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
May 7 13:54:03 mygentoo snort[8870]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
May 7 13:54:03 mygentoo snort[8870]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
May 7 13:54:03 mygentoo snort[8870]: XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
May 7 13:54:03 mygentoo snort[8870]: XUSR:246
May 7 13:54:03 mygentoo snort[8870]: Max Header Line Length: 1000
May 7 13:54:03 mygentoo snort[8870]: Max Response Line Length: 512
May 7 13:54:03 mygentoo snort[8870]: X-Link2State Alert: Yes
May 7 13:54:03 mygentoo snort[8870]: Drop on X-Link2State Alert: No
May 7 13:54:03 mygentoo snort[8870]: Alert on commands: None
May 7 13:54:03 mygentoo snort[8870]: Alert on unknown commands: No
May 7 13:54:03 mygentoo snort[8870]: SMTP Memcap: 838860
May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Log Attachment filename: Enabled
May 7 13:54:03 mygentoo snort[8870]: Log MAIL FROM Address: Enabled
May 7 13:54:03 mygentoo snort[8870]: Log RCPT TO Addresses: Enabled
May 7 13:54:03 mygentoo snort[8870]: Log Email Headers: Enabled
May 7 13:54:03 mygentoo snort[8870]: Email Hdrs Log Depth: 1464
May 7 13:54:03 mygentoo snort[8870]: SSH config:
May 7 13:54:03 mygentoo snort[8870]: Autodetection: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Challenge-Response Overflow Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: SSH1 CRC32 Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Server Version String Overflow Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Protocol Mismatch Alert: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Bad Message Direction Alert: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Bad Payload Size Alert: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Unrecognized Version Alert: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Max Encrypted Packets: 20
May 7 13:54:03 mygentoo snort[8870]: Max Server Version String Length: 100
May 7 13:54:03 mygentoo snort[8870]: MaxClientBytes: 19600 (Default)
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 22
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: DCE/RPC 2 Preprocessor Configuration
May 7 13:54:03 mygentoo snort[8870]: Global Configuration
May 7 13:54:03 mygentoo snort[8870]: DCE/RPC Defragmentation: Enabled
May 7 13:54:03 mygentoo snort[8870]: Memcap: 102400 KB
May 7 13:54:03 mygentoo snort[8870]: Events: co
May 7 13:54:03 mygentoo snort[8870]: SMB Fingerprint policy: Disabled
May 7 13:54:03 mygentoo snort[8870]: Server Default Configuration
May 7 13:54:03 mygentoo snort[8870]: Policy: WinXP
May 7 13:54:03 mygentoo snort[8870]: Detect ports (PAF)
May 7 13:54:03 mygentoo snort[8870]: SMB: 139 445
May 7 13:54:03 mygentoo snort[8870]: TCP: 135
May 7 13:54:03 mygentoo snort[8870]: UDP: 135
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP server: 593
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP proxy: None
May 7 13:54:03 mygentoo snort[8870]: Autodetect ports (PAF)
May 7 13:54:03 mygentoo snort[8870]: SMB: None
May 7 13:54:03 mygentoo snort[8870]: TCP: 1025-65535
May 7 13:54:03 mygentoo snort[8870]: UDP: 1025-65535
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP server: 1025-65535
May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP proxy: None
May 7 13:54:03 mygentoo snort[8870]: Invalid SMB shares: C$ D$ ADMIN$
May 7 13:54:03 mygentoo snort[8870]: Maximum SMB command chaining: 3 commands
May 7 13:54:03 mygentoo snort[8870]: SMB file inspection: Disabled
May 7 13:54:03 mygentoo snort[8870]: DNS config:
May 7 13:54:03 mygentoo snort[8870]: DNS Client rdata txt Overflow Alert: ACTIVE
May 7 13:54:03 mygentoo snort[8870]: Obsolete DNS RR Types Alert: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Experimental DNS RR Types Alert: INACTIVE
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 53
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: SSLPP config:
May 7 13:54:03 mygentoo snort[8870]: Encrypted packets: not inspected
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 443 465 563 636 989
May 7 13:54:03 mygentoo snort[8870]: 992 993 994 995 7801
May 7 13:54:03 mygentoo snort[8870]: 7802 7900 7901 7902 7903
May 7 13:54:03 mygentoo snort[8870]: 7904 7905 7906 7907 7908
May 7 13:54:03 mygentoo snort[8870]: 7909 7910 7911 7912 7913
May 7 13:54:03 mygentoo snort[8870]: 7914 7915 7916 7917 7918
May 7 13:54:03 mygentoo snort[8870]: 7919 7920
May 7 13:54:03 mygentoo snort[8870]: Server side data is trusted
May 7 13:54:03 mygentoo snort[8870]: Maximum SSL Heartbeat length: 0
May 7 13:54:03 mygentoo snort[8870]: Sensitive Data preprocessor config:
May 7 13:54:03 mygentoo snort[8870]: Global Alert Threshold: 25
May 7 13:54:03 mygentoo snort[8870]: Masked Output: DISABLED
May 7 13:54:03 mygentoo snort[8870]: SIP config:
May 7 13:54:03 mygentoo snort[8870]: Max number of sessions: 40000
May 7 13:54:03 mygentoo snort[8870]: Max number of dialogs in a session: 4 (Default)
May 7 13:54:03 mygentoo snort[8870]: Status: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Ignore media channel: DISABLED
May 7 13:54:03 mygentoo snort[8870]: Max URI length: 512
May 7 13:54:03 mygentoo snort[8870]: Max Call ID length: 80
May 7 13:54:03 mygentoo snort[8870]: Max Request name length: 20 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max From length: 256 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max To length: 256 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max Via length: 1024 (Default)
May 7 13:54:03 mygentoo snort[8870]: Max Contact length: 512
May 7 13:54:03 mygentoo snort[8870]: Max Content length: 2048
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 5060
May 7 13:54:03 mygentoo snort[8870]: 5061
May 7 13:54:03 mygentoo snort[8870]: 5600
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: Methods:
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: invite
May 7 13:54:03 mygentoo snort[8870]: cancel
May 7 13:54:03 mygentoo snort[8870]: ack
May 7 13:54:03 mygentoo snort[8870]: bye
May 7 13:54:03 mygentoo snort[8870]: register
May 7 13:54:03 mygentoo snort[8870]: options
May 7 13:54:03 mygentoo snort[8870]: refer
May 7 13:54:03 mygentoo snort[8870]: subscribe
May 7 13:54:03 mygentoo snort[8870]: update
May 7 13:54:03 mygentoo snort[8870]: join
May 7 13:54:03 mygentoo snort[8870]: info
May 7 13:54:03 mygentoo snort[8870]: message
May 7 13:54:03 mygentoo snort[8870]: notify
May 7 13:54:03 mygentoo snort[8870]: benotify
May 7 13:54:03 mygentoo snort[8870]: do
May 7 13:54:03 mygentoo snort[8870]: qauth
May 7 13:54:03 mygentoo snort[8870]: sprack
May 7 13:54:03 mygentoo snort[8870]: publish
May 7 13:54:03 mygentoo snort[8870]: service
May 7 13:54:03 mygentoo snort[8870]: unsubscribe
May 7 13:54:03 mygentoo snort[8870]: prack
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: IMAP Config:
May 7 13:54:03 mygentoo snort[8870]: Ports: 143
May 7 13:54:03 mygentoo snort[8870]: IMAP Memcap: 838860
May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: POP Config:
May 7 13:54:03 mygentoo snort[8870]: Ports: 110
May 7 13:54:03 mygentoo snort[8870]: POP Memcap: 838860
May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
May 7 13:54:03 mygentoo snort[8870]: Modbus config:
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 502
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: DNP3 config:
May 7 13:54:03 mygentoo snort[8870]: Memcap: 262144
May 7 13:54:03 mygentoo snort[8870]: Check Link-Layer CRCs: ENABLED
May 7 13:54:03 mygentoo snort[8870]: Ports:
May 7 13:54:03 mygentoo snort[8870]: 20000
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: Reputation config:
May 7 13:54:03 mygentoo snort[8870]: WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
May 7 13:54:03 mygentoo snort[8870]: Initializing rule chains...
May 7 13:54:03 mygentoo snort[8870]: 434 Snort rules read
May 7 13:54:03 mygentoo snort[8870]: 4 detection rules
May 7 13:54:03 mygentoo snort[8870]: 153 decoder rules
May 7 13:54:03 mygentoo snort[8870]: 277 preprocessor rules
May 7 13:54:03 mygentoo snort[8870]: 434 Option Chains linked into 2 Chain Headers
May 7 13:54:03 mygentoo snort[8870]: 0 Dynamic rules
May 7 13:54:03 mygentoo snort[8870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
May 7 13:54:03 mygentoo snort[8870]:
May 7 13:54:03 mygentoo snort[8870]: +-------------------[Rule Port Counts]---------------------------------------
May 7 13:54:03 mygentoo snort[8870]: | tcp udp icmp ip
May 7 13:54:03 mygentoo snort[8870]: | src 0 0 0 0
May 7 13:54:03 mygentoo snort[8870]: | dst 4 0 0 0
May 7 13:54:03 mygentoo snort[8870]: | any 430 0 0 0
  450. May 7 13:54:03 mygentoo snort[8870]: | nc 434 0 0 0
  451. May 7 13:54:03 mygentoo snort[8870]: | s+d 0 0 0 0
  452. May 7 13:54:03 mygentoo snort[8870]: +----------------------------------------------------------------------------
  453. May 7 13:54:03 mygentoo snort[8870]:
  454. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[detection-filter-config]------------------------------
  455. May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
  456. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[detection-filter-rules]-------------------------------
  457. May 7 13:54:03 mygentoo snort[8870]: | none
  458. May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
  459. May 7 13:54:03 mygentoo snort[8870]:
  460. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[rate-filter-config]-----------------------------------
  461. May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
  462. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[rate-filter-rules]------------------------------------
  463. May 7 13:54:03 mygentoo snort[8870]: | none
  464. May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
  465. May 7 13:54:03 mygentoo snort[8870]:
  466. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-config]----------------------------------
  467. May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
  468. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-global]----------------------------------
  469. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-local]-----------------------------------
  470. May 7 13:54:03 mygentoo snort[8870]: | none
  471. May 7 13:54:03 mygentoo snort[8870]: +-----------------------[suppression]------------------------------------------
  472. May 7 13:54:03 mygentoo snort[8870]: | none
  473. May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
  474. May 7 13:54:03 mygentoo snort[8870]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
  475. May 7 13:54:03 mygentoo snort[8870]: Verifying Preprocessor Configurations!
  476. May 7 13:54:03 mygentoo snort[8870]:
  477. May 7 13:54:03 mygentoo snort[8870]: [ Port Based Pattern Matching Memory ]
  478. May 7 13:54:03 mygentoo snort[8870]: [ Number of patterns truncated to 20 bytes: 0 ]
  479. May 7 13:54:03 mygentoo snort[8870]: pcap DAQ configured to passive.
  480. May 7 13:54:03 mygentoo snort[8870]: Acquiring network traffic from "wlp2s0".
  481. May 7 13:54:03 mygentoo snort[8870]: Initializing daemon mode
  482. May 7 13:54:03 mygentoo snort[8878]: Daemon initialized, signaled parent pid: 8870
  483. May 7 13:54:03 mygentoo snort[8878]: Reload thread starting...
  484. May 7 13:54:03 mygentoo snort[8878]: Reload thread started, thread 0x7f274a4b2700 (8879)
  485. May 7 13:54:03 mygentoo kernel: device wlp2s0 entered promiscuous mode
  486. May 7 13:54:03 mygentoo snort[8878]: Decoding Ethernet
  487. May 7 13:54:03 mygentoo snort[8878]: Set gid to 104
  488. May 7 13:54:03 mygentoo snort[8878]: Set uid to 103
  489. May 7 13:54:03 mygentoo snort[8878]: Checking PID path...
  490. May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/run/snort is invalid, trying /var/run...
  491. May 7 13:54:03 mygentoo snort[8878]: Previous Error, errno=13, (Permission denied)
  492. May 7 13:54:03 mygentoo snort[8878]: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
  493. May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort/).
  494. May 7 13:54:03 mygentoo snort[8878]: Writing PID "8878" to file "/var/log/snort///snort_wlp2s0.pid"
  495. May 7 13:54:03 mygentoo snort[8878]:
  496. May 7 13:54:03 mygentoo snort[8878]: --== Initialization Complete ==--
  497. May 7 13:54:03 mygentoo snort[8878]:
  498. May 7 13:54:03 mygentoo snort[8878]: ,,_ -*> Snort! <*-
  499. May 7 13:54:03 mygentoo snort[8878]: o" )~ Version 2.9.8.3 GRE (Build 383)
  500. May 7 13:54:03 mygentoo snort[8878]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
  501. May 7 13:54:03 mygentoo snort[8878]: Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
  502. May 7 13:54:03 mygentoo snort[8878]: Copyright (C) 1998-2013 Sourcefire, Inc., et al.
  503. May 7 13:54:03 mygentoo snort[8878]: Using libpcap version 1.8.1
  504. May 7 13:54:03 mygentoo snort[8878]: Using PCRE version: 8.41 2017-07-05
  505. May 7 13:54:03 mygentoo snort[8878]: Using ZLIB version: 1.2.11
  506. May 7 13:54:03 mygentoo snort[8878]:
  507. May 7 13:54:03 mygentoo snort[8878]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.6 <Build 1>
  508. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
  509. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
  510. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
  511. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SDF Version 1.1 <Build 1>
  512. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
  513. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
  514. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
  515. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SSH Version 1.1 <Build 3>
  516. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
  517. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DNS Version 1.1 <Build 4>
  518. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
  519. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
  520. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
  521. May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
  522. May 7 13:54:03 mygentoo snort[8878]: Commencing packet processing (pid=8878)
  523. May 7 13:54:04 mygentoo dhcpcd[3920]: wlp2s0: offered 192.168.43.166 from 192.168.43.1
  524. May 7 13:54:04 mygentoo dhcpcd[3920]: wlp2s0: probing address 192.168.43.166/24
  525. May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: leased 192.168.43.166 for 7200 seconds
  526. May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: adding route to 192.168.43.0/24
  527. May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: adding default route via 192.168.43.1
  528. May 7 13:54:14 mygentoo dhcpcd[3920]: wlp2s0: no IPv6 Routers available
  529. May 7 13:57:05 mygentoo kernel: perf: interrupt took too long (3136 > 3135), lowering kernel.perf_event_max_sample_rate to 63000
  530. May 7 13:59:01 mygentoo CROND[10232]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
  531. May 7 14:00:01 mygentoo CROND[10642]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  532. May 7 14:00:01 mygentoo CROND[10641]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  533. May 7 14:05:15 mygentoo kernel: perf: interrupt took too long (3924 > 3920), lowering kernel.perf_event_max_sample_rate to 50000
  534. May 7 14:10:01 mygentoo CROND[14516]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  535. May 7 14:10:01 mygentoo CROND[14515]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  536. May 7 14:20:01 mygentoo CROND[17810]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  537. May 7 14:20:01 mygentoo CROND[17811]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  538. May 7 14:30:01 mygentoo CROND[19819]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  539. May 7 14:30:01 mygentoo CROND[19820]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  540. May 7 14:40:01 mygentoo CROND[21835]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  541. May 7 14:40:01 mygentoo CROND[21836]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  542. May 7 14:46:19 mygentoo su[23087]: Successful su for root by josephlaptop
  543. May 7 14:46:19 mygentoo su[23087]: + /dev/pts/1 josephlaptop:root
  544. May 7 14:46:19 mygentoo su[23087]: pam_unix(su:session): session opened for user root by (uid=1000)
  545. May 7 14:50:01 mygentoo CROND[23853]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  546. May 7 14:50:01 mygentoo CROND[23852]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  547. May 7 14:59:01 mygentoo CROND[25672]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
  548. May 7 15:00:01 mygentoo CROND[25877]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  549. May 7 15:00:01 mygentoo CROND[25878]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  550. May 7 15:10:01 mygentoo CROND[27879]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  551. May 7 15:10:01 mygentoo CROND[27878]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  552. May 7 15:20:01 mygentoo CROND[29883]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  553. May 7 15:20:01 mygentoo CROND[29884]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  554. May 7 15:30:01 mygentoo CROND[31886]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  555. May 7 15:30:01 mygentoo CROND[31887]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  556. May 7 15:40:01 mygentoo CROND[1429]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  557. May 7 15:40:01 mygentoo CROND[1430]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  558. May 7 15:50:01 mygentoo CROND[3480]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  559. May 7 15:50:01 mygentoo CROND[3481]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  560. May 7 15:55:48 mygentoo su[4670]: Successful su for root by josephlaptop
  561. May 7 15:55:48 mygentoo su[4670]: + /dev/pts/2 josephlaptop:root
  562. May 7 15:55:48 mygentoo su[4670]: pam_unix(su:session): session opened for user root by (uid=1000)
  563. May 7 15:59:01 mygentoo CROND[15958]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
  564. May 7 16:00:01 mygentoo CROND[16161]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  565. May 7 16:00:01 mygentoo CROND[16162]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  566. May 7 16:10:01 mygentoo CROND[29710]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
  567. May 7 16:10:01 mygentoo CROND[29711]: (root) CMD (/usr/lib64/sa/sa1 1 1)
  568. May 7 16:11:13 mygentoo kernel: perf: interrupt took too long (4907 > 4905), lowering kernel.perf_event_max_sample_rate to 40000
  569. May 7 16:17:14 mygentoo su[23087]: pam_unix(su:session): session closed for user root
  570.
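Added check, not part of the pasted log and not Snort project code: a small Python auditor that reads the snort[8870]/snort[8878] and kernel lines from the start-up above and flags what they reveal: only 4 of the 434 loaded rules are detection rules (the rest are decoder/preprocessor built-ins), the reputation preprocessor is disabled because no whitelist/blacklist was loaded, /var/run/snort is not writable after the drop to uid 103/gid 104 so the PID file fell through to /var/log/snort/, and the pcap DAQ is passive so drop/reject rules can never block traffic. SAMPLE_LOG is copied from the log above; MIN_DETECTION_RULES and the HIGH/MEDIUM/INFO labels are my own assumptions.

```python
"""Audit a Snort 2.x start-up log (syslog format) for weak-sensor conditions.

Added example; SAMPLE_LOG is copied from the pasted /var/log/messages above,
MIN_DETECTION_RULES is an assumed threshold.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Assumed: a real ruleset loads thousands of detection rules, so a handful
# means only the decoder/preprocessor built-ins are active.
MIN_DETECTION_RULES = 100

# "May 7 13:54:03 mygentoo snort[8878]: message" / "... kernel: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+(?P<host>\S+)\s+"
    r"(?P<prog>[^\s\[:]+)(?:\[(?P<pid>\d+)\])?:\s?(?P<msg>.*)$"
)

SAMPLE_LOG = """\
May 7 13:54:03 mygentoo snort[8870]: WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.
May 7 13:54:03 mygentoo snort[8870]: 434 Snort rules read
May 7 13:54:03 mygentoo snort[8870]: 4 detection rules
May 7 13:54:03 mygentoo snort[8870]: 153 decoder rules
May 7 13:54:03 mygentoo snort[8870]: 277 preprocessor rules
May 7 13:54:03 mygentoo snort[8870]: pcap DAQ configured to passive.
May 7 13:54:03 mygentoo snort[8870]: Acquiring network traffic from "wlp2s0".
May 7 13:54:03 mygentoo kernel: device wlp2s0 entered promiscuous mode
May 7 13:54:03 mygentoo snort[8878]: Set gid to 104
May 7 13:54:03 mygentoo snort[8878]: Set uid to 103
May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/run/snort is invalid, trying /var/run...
May 7 13:54:03 mygentoo snort[8878]: Previous Error, errno=13, (Permission denied)
May 7 13:54:03 mygentoo snort[8878]: Writing PID "8878" to file "/var/log/snort///snort_wlp2s0.pid"
May 7 13:54:03 mygentoo snort[8878]: o" )~ Version 2.9.8.3 GRE (Build 383)
May 7 13:54:03 mygentoo snort[8878]: Commencing packet processing (pid=8878)
"""


@dataclass
class SnortStartup:
    version: Optional[str] = None
    rule_counts: Dict[str, int] = field(default_factory=dict)
    reputation_disabled: bool = False
    daq_mode: Optional[str] = None
    interface: Optional[str] = None
    promiscuous_ifaces: List[str] = field(default_factory=list)
    uid: Optional[int] = None
    gid: Optional[int] = None
    pid_file: Optional[str] = None
    pid_path_errors: List[str] = field(default_factory=list)
    processing: bool = False


def parse_snort_startup(text: str) -> SnortStartup:
    """Walk syslog lines and collect the facts the audit needs."""
    st = SnortStartup()
    for raw in text.splitlines():
        m = SYSLOG_RE.match(raw.strip())
        if not m:
            continue
        prog, msg = m["prog"], m["msg"]
        if prog == "kernel":
            km = re.match(r"device (\S+) entered promiscuous mode", msg)
            if km:
                st.promiscuous_ifaces.append(km.group(1))
            continue
        if prog != "snort":
            continue
        if rm := re.match(r"(\d+) (Snort|detection|decoder|preprocessor) rules", msg):
            st.rule_counts[rm.group(2).lower()] = int(rm.group(1))
        elif "Reputation Preprocessor disabled" in msg:
            st.reputation_disabled = True
        elif dm := re.match(r"(\w+) DAQ configured to (\w+)\.", msg):
            st.daq_mode = dm.group(2)
        elif im := re.match(r'Acquiring network traffic from "([^"]+)"', msg):
            st.interface = im.group(1)
        elif um := re.match(r"Set (uid|gid) to (\d+)", msg):
            setattr(st, um.group(1), int(um.group(2)))
        elif msg.startswith("WARNING:") and "is invalid" in msg:
            st.pid_path_errors.append(msg)  # PID-path fallback chain
        elif em := re.match(r"Previous Error, errno=(\d+), \((.*)\)", msg):
            st.pid_path_errors.append(f"errno={em.group(1)} {em.group(2)}")
        elif pm := re.match(r'Writing PID "\d+" to file "([^"]+)"', msg):
            st.pid_file = pm.group(1)
        elif st.version is None and (vm := re.search(r"Version (\d+(?:\.\d+)+)", msg)):
            st.version = vm.group(1)  # banner comes before plugin "Version" lines
        elif msg.startswith("Commencing packet processing"):
            st.processing = True
    return st


def audit(st: SnortStartup) -> List[str]:
    """Return findings, worst first; severity labels are assumed conventions."""
    findings: List[str] = []
    det, total = st.rule_counts.get("detection"), st.rule_counts.get("snort")
    if det is not None and det < MIN_DETECTION_RULES:
        findings.append(f"HIGH: only {det} of {total} loaded rules are detection rules; "
                        "the rest are decoder/preprocessor built-ins, so there is "
                        "effectively no signature coverage")
    if st.uid in (None, 0):
        findings.append("HIGH: Snort is not dropping root privileges (no 'Set uid' line)")
    if st.reputation_disabled:
        findings.append("MEDIUM: reputation preprocessor disabled, no whitelist/blacklist loaded")
    if any("Permission denied" in e for e in st.pid_path_errors):
        findings.append(f"MEDIUM: PID directory not writable after dropping to uid {st.uid}/"
                        f"gid {st.gid}; PID landed in {st.pid_file}. Pre-create /var/run/snort "
                        "owned by that uid/gid or pass --pid-path")
    if st.daq_mode == "passive":
        findings.append(f"INFO: DAQ is passive on {st.interface}; drop/reject rules cannot "
                        "block, this sensor only alerts")
    if st.interface and st.interface not in st.promiscuous_ifaces:
        findings.append(f"INFO: no promiscuous-mode event for {st.interface}; only traffic "
                        "addressed to this host will be inspected")
    return findings


if __name__ == "__main__":
    for line in audit(parse_snort_startup(SAMPLE_LOG)):
        print(line)
```

Feed it the real file with `parse_snort_startup(open("/var/log/messages").read())`; the parser ignores every line that is not a snort or kernel promiscuous-mode message, so dhcpcd, cron and su noise around the start-up does not matter.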