- May 7 13:40:01 mygentoo CROND[4347]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 13:40:22 mygentoo su[4436]: Successful su for root by josephlaptop
- May 7 13:40:22 mygentoo su[4436]: + /dev/pts/0 josephlaptop:root
- May 7 13:40:22 mygentoo su[4436]: pam_unix(su:session): session opened for user root by (uid=1000)
- May 7 13:45:13 mygentoo su[4436]: pam_unix(su:session): session closed for user root
- May 7 13:45:14 mygentoo login[4202]: pam_unix(login:session): session closed for user josephlaptop
- May 7 13:45:38 mygentoo login[5268]: pam_unix(login:session): session opened for user josephlaptop by LOGIN(uid=0)
- May 7 13:45:47 mygentoo su[5390]: Successful su for root by josephlaptop
- May 7 13:45:47 mygentoo su[5390]: + /dev/pts/0 josephlaptop:root
- May 7 13:45:47 mygentoo su[5390]: pam_unix(su:session): session opened for user root by (uid=1000)
- May 7 13:50:01 mygentoo CROND[7282]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 13:50:01 mygentoo CROND[7281]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 13:52:04 mygentoo kernel: perf: interrupt took too long (2508 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
- May 7 13:54:01 mygentoo kernel: wlp2s0: authenticate with a0:91:69:d7:f6:bd
- May 7 13:54:01 mygentoo kernel: wlp2s0: send auth to a0:91:69:d7:f6:bd (try 1/3)
- May 7 13:54:01 mygentoo kernel: wlp2s0: authenticated
- May 7 13:54:01 mygentoo kernel: wlp2s0: associate with a0:91:69:d7:f6:bd (try 1/3)
- May 7 13:54:01 mygentoo kernel: wlp2s0: RX AssocResp from a0:91:69:d7:f6:bd (capab=0x8431 status=0 aid=2)
- May 7 13:54:01 mygentoo kernel: wlp2s0: associated
- May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: carrier acquired
- May 7 13:54:01 mygentoo kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
- May 7 13:54:01 mygentoo wpa_cli[8614]: interface wlp2s0 CONNECTED
- May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: adding address fe80::cae6:4ae2:97b3:1111
- May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: IAID d6:cc:fb:3a
- May 7 13:54:01 mygentoo dhcpcd[8752]: sending commands to master dhcpcd process
- May 7 13:54:01 mygentoo dhcpcd[3920]: control command: dhcpcd -m 2003 wlp2s0
- May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: soliciting an IPv6 router
- May 7 13:54:01 mygentoo dhcpcd[3920]: wlp2s0: soliciting a DHCP lease
- May 7 13:54:02 mygentoo snort[8870]: Found pid path directive (/var/run/snort)
- May 7 13:54:02 mygentoo snort[8870]: Running in IDS mode
- May 7 13:54:02 mygentoo snort[8870]:
- May 7 13:54:02 mygentoo snort[8870]: --== Initializing Snort ==--
- May 7 13:54:02 mygentoo snort[8870]: Initializing Output Plugins!
- May 7 13:54:02 mygentoo snort[8870]: Initializing Preprocessors!
- May 7 13:54:02 mygentoo snort[8870]: Initializing Plug-ins!
- May 7 13:54:02 mygentoo snort[8870]: Parsing Rules file "/etc/snort/snort.conf"
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'HTTP_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 80:81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'SHELLCODE_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 0:79 81:65535 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'ORACLE_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 1024:65535 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'SSH_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 22 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'FTP_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 21 2100 3535 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'SIP_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 5060:5061 5600 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'FILE_DATA_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 80:81 110 143 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000:7001 7144:7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180:8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090:9091 9443 9999 11371 34443:34444 41080 50002 55555 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: PortVar 'GTP_PORTS' defined :
- May 7 13:54:03 mygentoo snort[8870]: [ 2123 2152 3386 ]
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: Detection:
- May 7 13:54:03 mygentoo snort[8870]: Search-Method = AC-Full-Q
- May 7 13:54:03 mygentoo snort[8870]: Split Any/Any group = enabled
- May 7 13:54:03 mygentoo snort[8870]: Search-Method-Optimizations = enabled
- May 7 13:54:03 mygentoo snort[8870]: Maximum pattern length = 20
- May 7 13:54:03 mygentoo snort[8870]: Found pid path directive (/var/run/snort)
- May 7 13:54:03 mygentoo snort[8870]: Tagged Packet Limit: 256
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic engine /usr/lib64/snort_dynamicengine/libsf_engine.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading all dynamic detection libs from /usr/lib64/snort_dynamicrules...
- May 7 13:54:03 mygentoo snort[8870]: WARNING: No dynamic libraries found in directory /usr/lib64/snort_dynamicrules.
- May 7 13:54:03 mygentoo snort[8870]: Finished Loading all dynamic detection libs from /usr/lib64/snort_dynamicrules
- May 7 13:54:03 mygentoo snort[8870]: Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor...
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dce2_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ftptelnet_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_gtp_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_pop_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dns_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssl_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_ssh_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_imap_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_sip_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_dnp3_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_sdf_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_smtp_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_reputation_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Loading dynamic preprocessor library /usr/lib64/snort_dynamicpreprocessor/libsf_modbus_preproc.so...
- May 7 13:54:03 mygentoo snort[8870]: done
- May 7 13:54:03 mygentoo snort[8870]: Finished Loading all dynamic preprocessor libs from /usr/lib64/snort_dynamicpreprocessor
- May 7 13:54:03 mygentoo snort[8870]: Log directory = /var/log/snort/
- May 7 13:54:03 mygentoo snort[8870]: WARNING: ip4 normalizations disabled because not inline.
- May 7 13:54:03 mygentoo snort[8870]: WARNING: tcp normalizations disabled because not inline.
- May 7 13:54:03 mygentoo snort[8870]: WARNING: icmp4 normalizations disabled because not inline.
- May 7 13:54:03 mygentoo snort[8870]: WARNING: ip6 normalizations disabled because not inline.
- May 7 13:54:03 mygentoo snort[8870]: WARNING: icmp6 normalizations disabled because not inline.
- May 7 13:54:03 mygentoo snort[8870]: Frag3 global config:
- May 7 13:54:03 mygentoo snort[8870]: Max frags: 65536
- May 7 13:54:03 mygentoo snort[8870]: Fragment memory cap: 4194304 bytes
- May 7 13:54:03 mygentoo snort[8870]: Frag3 engine config:
- May 7 13:54:03 mygentoo snort[8870]: Bound Address: default
- May 7 13:54:03 mygentoo snort[8870]: Target-based policy: WINDOWS
- May 7 13:54:03 mygentoo snort[8870]: Fragment timeout: 180 seconds
- May 7 13:54:03 mygentoo snort[8870]: Fragment min_ttl: 1
- May 7 13:54:03 mygentoo snort[8870]: Fragment Anomalies: Alert
- May 7 13:54:03 mygentoo snort[8870]: Overlap Limit: 10
- May 7 13:54:03 mygentoo snort[8870]: Min fragment Length: 100
- May 7 13:54:03 mygentoo snort[8870]: Max Expected Streams: 768
- May 7 13:54:03 mygentoo snort[8870]: Stream global config:
- May 7 13:54:03 mygentoo snort[8870]: Track TCP sessions: ACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Max TCP sessions: 262144
- May 7 13:54:03 mygentoo snort[8870]: TCP cache pruning timeout: 30 seconds
- May 7 13:54:03 mygentoo snort[8870]: TCP cache nominal timeout: 3600 seconds
- May 7 13:54:03 mygentoo snort[8870]: Memcap (for reassembly packet storage): 8388608
- May 7 13:54:03 mygentoo snort[8870]: Track UDP sessions: ACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Max UDP sessions: 131072
- May 7 13:54:03 mygentoo snort[8870]: UDP cache pruning timeout: 30 seconds
- May 7 13:54:03 mygentoo snort[8870]: UDP cache nominal timeout: 180 seconds
- May 7 13:54:03 mygentoo snort[8870]: Track ICMP sessions: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Track IP sessions: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Log info if session memory consumption exceeds 1048576
- May 7 13:54:03 mygentoo snort[8870]: Send up to 2 active responses
- May 7 13:54:03 mygentoo snort[8870]: Wait at least 5 seconds between responses
- May 7 13:54:03 mygentoo snort[8870]: Protocol Aware Flushing: ACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Maximum Flush Point: 16000
- May 7 13:54:03 mygentoo snort[8870]: Stream TCP Policy config:
- May 7 13:54:03 mygentoo snort[8870]: Bound Address: default
- May 7 13:54:03 mygentoo snort[8870]: Reassembly Policy: WINDOWS
- May 7 13:54:03 mygentoo snort[8870]: Timeout: 180 seconds
- May 7 13:54:03 mygentoo snort[8870]: Limit on TCP Overlaps: 10
- May 7 13:54:03 mygentoo snort[8870]: Maximum number of bytes to queue per session: 1048576
- May 7 13:54:03 mygentoo snort[8870]: Maximum number of segs to queue per session: 2621
- May 7 13:54:03 mygentoo snort[8870]: Options:
- May 7 13:54:03 mygentoo snort[8870]: Require 3-Way Handshake: YES
- May 7 13:54:03 mygentoo snort[8870]: 3-Way Handshake Timeout: 180
- May 7 13:54:03 mygentoo snort[8870]: Detect Anomalies: YES
- May 7 13:54:03 mygentoo snort[8870]: Reassembly Ports:
- May 7 13:54:03 mygentoo snort[8870]: 21 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 22 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 23 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 25 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 42 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 53 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 79 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 80 client (Footprint) server (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 81 client (Footprint) server (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 109 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 110 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 111 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 113 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 119 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 135 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 136 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 137 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 139 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 143 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: 161 client (Footprint)
- May 7 13:54:03 mygentoo snort[8870]: additional ports configured but not printed.
- May 7 13:54:03 mygentoo snort[8870]: Stream UDP Policy config:
- May 7 13:54:03 mygentoo snort[8870]: Timeout: 180 seconds
- May 7 13:54:03 mygentoo snort[8870]: HttpInspect Config:
- May 7 13:54:03 mygentoo snort[8870]: GLOBAL CONFIG
- May 7 13:54:03 mygentoo snort[8870]: Detect Proxy Usage: NO
- May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map Filename: /etc/snort/unicode.map
- May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map Codepage: 1252
- May 7 13:54:03 mygentoo snort[8870]: Memcap used for logging URI and Hostname: 150994944
- May 7 13:54:03 mygentoo snort[8870]: Max Gzip Memory: 838860
- May 7 13:54:03 mygentoo snort[8870]: Max Gzip Sessions: 1613
- May 7 13:54:03 mygentoo snort[8870]: Gzip Compress Depth: 65535
- May 7 13:54:03 mygentoo snort[8870]: Gzip Decompress Depth: 65535
- May 7 13:54:03 mygentoo snort[8870]: DEFAULT SERVER CONFIG:
- May 7 13:54:03 mygentoo snort[8870]: Server profile: All
- May 7 13:54:03 mygentoo snort[8870]: Ports (PAF): 80 81 311 383 591 593 901 1220 1414 1741 1830 2301 2381 2809 3037 3128 3702 4343 4848 5250 6988 7000 7001 7144 7145 7510 7777 7779 8000 8008 8014 8028 8080 8085 8088 8090 8118 8123 8180 8181 8243 8280 8300 8800 8888 8899 9000 9060 9080 9090 9091 9443 9999 11371 34443 34444 41080 50002 55555
- May 7 13:54:03 mygentoo snort[8870]: Server Flow Depth: 0
- May 7 13:54:03 mygentoo snort[8870]: Client Flow Depth: 0
- May 7 13:54:03 mygentoo snort[8870]: Max Chunk Length: 500000
- May 7 13:54:03 mygentoo snort[8870]: Small Chunk Length Evasion: chunk size <= 10, threshold >= 5 times
- May 7 13:54:03 mygentoo snort[8870]: Max Header Field Length: 750
- May 7 13:54:03 mygentoo snort[8870]: Max Number Header Fields: 100
- May 7 13:54:03 mygentoo snort[8870]: Max Number of WhiteSpaces allowed with header folding: 200
- May 7 13:54:03 mygentoo snort[8870]: Inspect Pipeline Requests: YES
- May 7 13:54:03 mygentoo snort[8870]: URI Discovery Strict Mode: NO
- May 7 13:54:03 mygentoo snort[8870]: Allow Proxy Usage: NO
- May 7 13:54:03 mygentoo snort[8870]: Disable Alerting: NO
- May 7 13:54:03 mygentoo snort[8870]: Oversize Dir Length: 500
- May 7 13:54:03 mygentoo snort[8870]: Only inspect URI: NO
- May 7 13:54:03 mygentoo snort[8870]: Normalize HTTP Headers: NO
- May 7 13:54:03 mygentoo snort[8870]: Inspect HTTP Cookies: YES
- May 7 13:54:03 mygentoo snort[8870]: Inspect HTTP Responses: YES
- May 7 13:54:03 mygentoo snort[8870]: Extract Gzip from responses: YES
- May 7 13:54:03 mygentoo snort[8870]: Decompress response files:
- May 7 13:54:03 mygentoo snort[8870]: Unlimited decompression of gzip data from responses: YES
- May 7 13:54:03 mygentoo snort[8870]: Normalize Javascripts in HTTP Responses: YES
- May 7 13:54:03 mygentoo snort[8870]: Max Number of WhiteSpaces allowed with Javascript Obfuscation in HTTP responses: 200
- May 7 13:54:03 mygentoo snort[8870]: Normalize HTTP Cookies: NO
- May 7 13:54:03 mygentoo snort[8870]: Enable XFF and True Client IP: NO
- May 7 13:54:03 mygentoo snort[8870]: Log HTTP URI data: NO
- May 7 13:54:03 mygentoo snort[8870]: Log HTTP Hostname data: NO
- May 7 13:54:03 mygentoo snort[8870]: Extended ASCII code support in URI: NO
- May 7 13:54:03 mygentoo snort[8870]: Ascii: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: Double Decoding: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: %U Encoding: YES alert: YES
- May 7 13:54:03 mygentoo snort[8870]: Bare Byte: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: UTF 8: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: IIS Unicode: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: Multiple Slash: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: IIS Backslash: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: Directory Traversal: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: Web Root Traversal: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: Apache WhiteSpace: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: IIS Delimiter: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: IIS Unicode Map: GLOBAL IIS UNICODE MAP CONFIG
- May 7 13:54:03 mygentoo snort[8870]: Non-RFC Compliant Characters: 0x00 0x01 0x02 0x03 0x04 0x05 0x06 0x07
- May 7 13:54:03 mygentoo snort[8870]: Whitespace Characters: 0x09 0x0b 0x0c 0x0d
- May 7 13:54:03 mygentoo snort[8870]: rpc_decode arguments:
- May 7 13:54:03 mygentoo snort[8870]: Ports to decode RPC on: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779
- May 7 13:54:03 mygentoo snort[8870]: alert_fragments: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: alert_large_fragments: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: alert_incomplete: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: alert_multiple_requests: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: FTPTelnet Config:
- May 7 13:54:03 mygentoo snort[8870]: GLOBAL CONFIG
- May 7 13:54:03 mygentoo snort[8870]: Inspection Type: stateful
- May 7 13:54:03 mygentoo snort[8870]: Check for Encrypted Traffic: YES alert: NO
- May 7 13:54:03 mygentoo snort[8870]: Continue to check encrypted data: YES
- May 7 13:54:03 mygentoo snort[8870]: TELNET CONFIG:
- May 7 13:54:03 mygentoo snort[8870]: Ports: 23
- May 7 13:54:03 mygentoo snort[8870]: Are You There Threshold: 20
- May 7 13:54:03 mygentoo snort[8870]: Normalize: YES
- May 7 13:54:03 mygentoo snort[8870]: Detect Anomalies: YES
- May 7 13:54:03 mygentoo snort[8870]: FTP CONFIG:
- May 7 13:54:03 mygentoo snort[8870]: FTP Server: default
- May 7 13:54:03 mygentoo snort[8870]: Ports (PAF): 21 2100 3535
- May 7 13:54:03 mygentoo snort[8870]: Check for Telnet Cmds: YES alert: YES
- May 7 13:54:03 mygentoo snort[8870]: Ignore Telnet Cmd Operations: YES alert: YES
- May 7 13:54:03 mygentoo snort[8870]: Ignore open data channels: NO
- May 7 13:54:03 mygentoo snort[8870]: FTP Client: default
- May 7 13:54:03 mygentoo snort[8870]: Check for Bounce Attacks: YES alert: YES
- May 7 13:54:03 mygentoo snort[8870]: Check for Telnet Cmds: YES alert: YES
- May 7 13:54:03 mygentoo snort[8870]: Ignore Telnet Cmd Operations: YES alert: YES
- May 7 13:54:03 mygentoo snort[8870]: Max Response Length: 256
- May 7 13:54:03 mygentoo snort[8870]: SMTP Config:
- May 7 13:54:03 mygentoo snort[8870]: Ports: 25 465 587 691
- May 7 13:54:03 mygentoo snort[8870]: Inspection Type: Stateful
- May 7 13:54:03 mygentoo snort[8870]: Normalize: ATRN AUTH BDAT DATA DEBUG EHLO EMAL ESAM ESND ESOM ETRN EVFY EXPN HELO HELP IDENT MAIL NOOP ONEX QUEU QUIT RCPT RSET SAML SEND STARTTLS SOML TICK TIME TURN TURNME VERB VRFY X-EXPS XADR XAUTH XCIR XEXCH50 XGEN XLICENSE X-LINK2STATE XQUE XSTA XTRN XUSR CHUNKING X-ADAT X-DRCP X-ERCP X-EXCH50
- May 7 13:54:03 mygentoo snort[8870]: Ignore Data: No
- May 7 13:54:03 mygentoo snort[8870]: Ignore TLS Data: No
- May 7 13:54:03 mygentoo snort[8870]: Ignore SMTP Alerts: No
- May 7 13:54:03 mygentoo snort[8870]: Max Command Line Length: 512
- May 7 13:54:03 mygentoo snort[8870]: Max auth Command Line Length: 1000
- May 7 13:54:03 mygentoo snort[8870]: Max Specific Command Line Length:
- May 7 13:54:03 mygentoo snort[8870]: ATRN:255 AUTH:246 BDAT:255 DATA:246 DEBUG:255
- May 7 13:54:03 mygentoo snort[8870]: EHLO:500 EMAL:255 ESAM:255 ESND:255 ESOM:255
- May 7 13:54:03 mygentoo snort[8870]: ETRN:246 EVFY:255 EXPN:255 HELO:500 HELP:500
- May 7 13:54:03 mygentoo snort[8870]: IDENT:255 MAIL:260 NOOP:255 ONEX:246 QUEU:246
- May 7 13:54:03 mygentoo snort[8870]: QUIT:246 RCPT:300 RSET:246 SAML:246 SEND:246
- May 7 13:54:03 mygentoo snort[8870]: SIZE:255 STARTTLS:246 SOML:246 TICK:246 TIME:246
- May 7 13:54:03 mygentoo snort[8870]: TURN:246 TURNME:246 VERB:246 VRFY:255 X-EXPS:246
- May 7 13:54:03 mygentoo snort[8870]: XADR:246 XAUTH:246 XCIR:246 XEXCH50:246 XGEN:246
- May 7 13:54:03 mygentoo snort[8870]: XLICENSE:246 X-LINK2STATE:246 XQUE:246 XSTA:246 XTRN:246
- May 7 13:54:03 mygentoo snort[8870]: XUSR:246
- May 7 13:54:03 mygentoo snort[8870]: Max Header Line Length: 1000
- May 7 13:54:03 mygentoo snort[8870]: Max Response Line Length: 512
- May 7 13:54:03 mygentoo snort[8870]: X-Link2State Alert: Yes
- May 7 13:54:03 mygentoo snort[8870]: Drop on X-Link2State Alert: No
- May 7 13:54:03 mygentoo snort[8870]: Alert on commands: None
- May 7 13:54:03 mygentoo snort[8870]: Alert on unknown commands: No
- May 7 13:54:03 mygentoo snort[8870]: SMTP Memcap: 838860
- May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
- May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Log Attachment filename: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Log MAIL FROM Address: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Log RCPT TO Addresses: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Log Email Headers: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Email Hdrs Log Depth: 1464
- May 7 13:54:03 mygentoo snort[8870]: SSH config:
- May 7 13:54:03 mygentoo snort[8870]: Autodetection: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: Challenge-Response Overflow Alert: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: SSH1 CRC32 Alert: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: Server Version String Overflow Alert: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: Protocol Mismatch Alert: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: Bad Message Direction Alert: DISABLED
- May 7 13:54:03 mygentoo snort[8870]: Bad Payload Size Alert: DISABLED
- May 7 13:54:03 mygentoo snort[8870]: Unrecognized Version Alert: DISABLED
- May 7 13:54:03 mygentoo snort[8870]: Max Encrypted Packets: 20
- May 7 13:54:03 mygentoo snort[8870]: Max Server Version String Length: 100
- May 7 13:54:03 mygentoo snort[8870]: MaxClientBytes: 19600 (Default)
- May 7 13:54:03 mygentoo snort[8870]: Ports:
- May 7 13:54:03 mygentoo snort[8870]: 22
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: DCE/RPC 2 Preprocessor Configuration
- May 7 13:54:03 mygentoo snort[8870]: Global Configuration
- May 7 13:54:03 mygentoo snort[8870]: DCE/RPC Defragmentation: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Memcap: 102400 KB
- May 7 13:54:03 mygentoo snort[8870]: Events: co
- May 7 13:54:03 mygentoo snort[8870]: SMB Fingerprint policy: Disabled
- May 7 13:54:03 mygentoo snort[8870]: Server Default Configuration
- May 7 13:54:03 mygentoo snort[8870]: Policy: WinXP
- May 7 13:54:03 mygentoo snort[8870]: Detect ports (PAF)
- May 7 13:54:03 mygentoo snort[8870]: SMB: 139 445
- May 7 13:54:03 mygentoo snort[8870]: TCP: 135
- May 7 13:54:03 mygentoo snort[8870]: UDP: 135
- May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP server: 593
- May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP proxy: None
- May 7 13:54:03 mygentoo snort[8870]: Autodetect ports (PAF)
- May 7 13:54:03 mygentoo snort[8870]: SMB: None
- May 7 13:54:03 mygentoo snort[8870]: TCP: 1025-65535
- May 7 13:54:03 mygentoo snort[8870]: UDP: 1025-65535
- May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP server: 1025-65535
- May 7 13:54:03 mygentoo snort[8870]: RPC over HTTP proxy: None
- May 7 13:54:03 mygentoo snort[8870]: Invalid SMB shares: C$ D$ ADMIN$
- May 7 13:54:03 mygentoo snort[8870]: Maximum SMB command chaining: 3 commands
- May 7 13:54:03 mygentoo snort[8870]: SMB file inspection: Disabled
- May 7 13:54:03 mygentoo snort[8870]: DNS config:
- May 7 13:54:03 mygentoo snort[8870]: DNS Client rdata txt Overflow Alert: ACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Obsolete DNS RR Types Alert: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Experimental DNS RR Types Alert: INACTIVE
- May 7 13:54:03 mygentoo snort[8870]: Ports:
- May 7 13:54:03 mygentoo snort[8870]: 53
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: SSLPP config:
- May 7 13:54:03 mygentoo snort[8870]: Encrypted packets: not inspected
- May 7 13:54:03 mygentoo snort[8870]: Ports:
- May 7 13:54:03 mygentoo snort[8870]: 443 465 563 636 989
- May 7 13:54:03 mygentoo snort[8870]: 992 993 994 995 7801
- May 7 13:54:03 mygentoo snort[8870]: 7802 7900 7901 7902 7903
- May 7 13:54:03 mygentoo snort[8870]: 7904 7905 7906 7907 7908
- May 7 13:54:03 mygentoo snort[8870]: 7909 7910 7911 7912 7913
- May 7 13:54:03 mygentoo snort[8870]: 7914 7915 7916 7917 7918
- May 7 13:54:03 mygentoo snort[8870]: 7919 7920
- May 7 13:54:03 mygentoo snort[8870]: Server side data is trusted
- May 7 13:54:03 mygentoo snort[8870]: Maximum SSL Heartbeat length: 0
- May 7 13:54:03 mygentoo snort[8870]: Sensitive Data preprocessor config:
- May 7 13:54:03 mygentoo snort[8870]: Global Alert Threshold: 25
- May 7 13:54:03 mygentoo snort[8870]: Masked Output: DISABLED
- May 7 13:54:03 mygentoo snort[8870]: SIP config:
- May 7 13:54:03 mygentoo snort[8870]: Max number of sessions: 40000
- May 7 13:54:03 mygentoo snort[8870]: Max number of dialogs in a session: 4 (Default)
- May 7 13:54:03 mygentoo snort[8870]: Status: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: Ignore media channel: DISABLED
- May 7 13:54:03 mygentoo snort[8870]: Max URI length: 512
- May 7 13:54:03 mygentoo snort[8870]: Max Call ID length: 80
- May 7 13:54:03 mygentoo snort[8870]: Max Request name length: 20 (Default)
- May 7 13:54:03 mygentoo snort[8870]: Max From length: 256 (Default)
- May 7 13:54:03 mygentoo snort[8870]: Max To length: 256 (Default)
- May 7 13:54:03 mygentoo snort[8870]: Max Via length: 1024 (Default)
- May 7 13:54:03 mygentoo snort[8870]: Max Contact length: 512
- May 7 13:54:03 mygentoo snort[8870]: Max Content length: 2048
- May 7 13:54:03 mygentoo snort[8870]: Ports:
- May 7 13:54:03 mygentoo snort[8870]: 5060
- May 7 13:54:03 mygentoo snort[8870]: 5061
- May 7 13:54:03 mygentoo snort[8870]: 5600
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: Methods:
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: invite
- May 7 13:54:03 mygentoo snort[8870]: cancel
- May 7 13:54:03 mygentoo snort[8870]: ack
- May 7 13:54:03 mygentoo snort[8870]: bye
- May 7 13:54:03 mygentoo snort[8870]: register
- May 7 13:54:03 mygentoo snort[8870]: options
- May 7 13:54:03 mygentoo snort[8870]: refer
- May 7 13:54:03 mygentoo snort[8870]: subscribe
- May 7 13:54:03 mygentoo snort[8870]: update
- May 7 13:54:03 mygentoo snort[8870]: join
- May 7 13:54:03 mygentoo snort[8870]: info
- May 7 13:54:03 mygentoo snort[8870]: message
- May 7 13:54:03 mygentoo snort[8870]: notify
- May 7 13:54:03 mygentoo snort[8870]: benotify
- May 7 13:54:03 mygentoo snort[8870]: do
- May 7 13:54:03 mygentoo snort[8870]: qauth
- May 7 13:54:03 mygentoo snort[8870]: sprack
- May 7 13:54:03 mygentoo snort[8870]: publish
- May 7 13:54:03 mygentoo snort[8870]: service
- May 7 13:54:03 mygentoo snort[8870]: unsubscribe
- May 7 13:54:03 mygentoo snort[8870]: prack
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: IMAP Config:
- May 7 13:54:03 mygentoo snort[8870]: Ports: 143
- May 7 13:54:03 mygentoo snort[8870]: IMAP Memcap: 838860
- May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
- May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: POP Config:
- May 7 13:54:03 mygentoo snort[8870]: Ports: 110
- May 7 13:54:03 mygentoo snort[8870]: POP Memcap: 838860
- May 7 13:54:03 mygentoo snort[8870]: MIME Max Mem: 838860
- May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Base64 Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Quoted-Printable Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Unix-to-Unix Decoding Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction: Enabled
- May 7 13:54:03 mygentoo snort[8870]: Non-Encoded MIME attachment Extraction Depth: Unlimited
- May 7 13:54:03 mygentoo snort[8870]: Modbus config:
- May 7 13:54:03 mygentoo snort[8870]: Ports:
- May 7 13:54:03 mygentoo snort[8870]: 502
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: DNP3 config:
- May 7 13:54:03 mygentoo snort[8870]: Memcap: 262144
- May 7 13:54:03 mygentoo snort[8870]: Check Link-Layer CRCs: ENABLED
- May 7 13:54:03 mygentoo snort[8870]: Ports:
- May 7 13:54:03 mygentoo snort[8870]: 20000
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: Reputation config:
- May 7 13:54:03 mygentoo snort[8870]: WARNING: Can't find any whitelist/blacklist entries. Reputation Preprocessor disabled.
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
- May 7 13:54:03 mygentoo snort[8870]: Initializing rule chains...
- May 7 13:54:03 mygentoo snort[8870]: 434 Snort rules read
- May 7 13:54:03 mygentoo snort[8870]: 4 detection rules
- May 7 13:54:03 mygentoo snort[8870]: 153 decoder rules
- May 7 13:54:03 mygentoo snort[8870]: 277 preprocessor rules
- May 7 13:54:03 mygentoo snort[8870]: 434 Option Chains linked into 2 Chain Headers
- May 7 13:54:03 mygentoo snort[8870]: 0 Dynamic rules
- May 7 13:54:03 mygentoo snort[8870]: +++++++++++++++++++++++++++++++++++++++++++++++++++
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: +-------------------[Rule Port Counts]---------------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | tcp udp icmp ip
- May 7 13:54:03 mygentoo snort[8870]: | src 0 0 0 0
- May 7 13:54:03 mygentoo snort[8870]: | dst 4 0 0 0
- May 7 13:54:03 mygentoo snort[8870]: | any 430 0 0 0
- May 7 13:54:03 mygentoo snort[8870]: | nc 434 0 0 0
- May 7 13:54:03 mygentoo snort[8870]: | s+d 0 0 0 0
- May 7 13:54:03 mygentoo snort[8870]: +----------------------------------------------------------------------------
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[detection-filter-config]------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[detection-filter-rules]-------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | none
- May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[rate-filter-config]-----------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[rate-filter-rules]------------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | none
- May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-config]----------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | memory-cap : 1048576 bytes
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-global]----------------------------------
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[event-filter-local]-----------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | none
- May 7 13:54:03 mygentoo snort[8870]: +-----------------------[suppression]------------------------------------------
- May 7 13:54:03 mygentoo snort[8870]: | none
- May 7 13:54:03 mygentoo snort[8870]: -------------------------------------------------------------------------------
- May 7 13:54:03 mygentoo snort[8870]: Rule application order: activation->dynamic->pass->drop->sdrop->reject->alert->log
- May 7 13:54:03 mygentoo snort[8870]: Verifying Preprocessor Configurations!
- May 7 13:54:03 mygentoo snort[8870]:
- May 7 13:54:03 mygentoo snort[8870]: [ Port Based Pattern Matching Memory ]
- May 7 13:54:03 mygentoo snort[8870]: [ Number of patterns truncated to 20 bytes: 0 ]
- May 7 13:54:03 mygentoo snort[8870]: pcap DAQ configured to passive.
- May 7 13:54:03 mygentoo snort[8870]: Acquiring network traffic from "wlp2s0".
- May 7 13:54:03 mygentoo snort[8870]: Initializing daemon mode
- May 7 13:54:03 mygentoo snort[8878]: Daemon initialized, signaled parent pid: 8870
- May 7 13:54:03 mygentoo snort[8878]: Reload thread starting...
- May 7 13:54:03 mygentoo snort[8878]: Reload thread started, thread 0x7f274a4b2700 (8879)
- May 7 13:54:03 mygentoo kernel: device wlp2s0 entered promiscuous mode
- May 7 13:54:03 mygentoo snort[8878]: Decoding Ethernet
- May 7 13:54:03 mygentoo snort[8878]: Set gid to 104
- May 7 13:54:03 mygentoo snort[8878]: Set uid to 103
- May 7 13:54:03 mygentoo snort[8878]: Checking PID path...
- May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/run/snort is invalid, trying /var/run...
- May 7 13:54:03 mygentoo snort[8878]: Previous Error, errno=13, (Permission denied)
- May 7 13:54:03 mygentoo snort[8878]: WARNING: _PATH_VARRUN is invalid, trying /var/log/ ...
- May 7 13:54:03 mygentoo snort[8878]: WARNING: /var/log/ is invalid, logging Snort PID path to log directory (/var/log/snort/).
- May 7 13:54:03 mygentoo snort[8878]: Writing PID "8878" to file "/var/log/snort///snort_wlp2s0.pid"
- May 7 13:54:03 mygentoo snort[8878]:
- May 7 13:54:03 mygentoo snort[8878]: --== Initialization Complete ==--
- May 7 13:54:03 mygentoo snort[8878]:
- May 7 13:54:03 mygentoo snort[8878]: ,,_ -*> Snort! <*-
- May 7 13:54:03 mygentoo snort[8878]: o" )~ Version 2.9.8.3 GRE (Build 383)
- May 7 13:54:03 mygentoo snort[8878]: '''' By Martin Roesch & The Snort Team: http://www.snort.org/contact#team
- May 7 13:54:03 mygentoo snort[8878]: Copyright (C) 2014-2015 Cisco and/or its affiliates. All rights reserved.
- May 7 13:54:03 mygentoo snort[8878]: Copyright (C) 1998-2013 Sourcefire, Inc., et al.
- May 7 13:54:03 mygentoo snort[8878]: Using libpcap version 1.8.1
- May 7 13:54:03 mygentoo snort[8878]: Using PCRE version: 8.41 2017-07-05
- May 7 13:54:03 mygentoo snort[8878]: Using ZLIB version: 1.2.11
- May 7 13:54:03 mygentoo snort[8878]:
- May 7 13:54:03 mygentoo snort[8878]: Rules Engine: SF_SNORT_DETECTION_ENGINE Version 2.6 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_MODBUS Version 1.1 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_REPUTATION Version 1.1 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SMTP Version 1.1 <Build 9>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SDF Version 1.1 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DNP3 Version 1.1 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SIP Version 1.1 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_IMAP Version 1.0 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SSH Version 1.1 <Build 3>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_SSLPP Version 1.1 <Build 4>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DNS Version 1.1 <Build 4>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_POP Version 1.0 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_GTP Version 1.1 <Build 1>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_FTPTELNET Version 1.2 <Build 13>
- May 7 13:54:03 mygentoo snort[8878]: Preprocessor Object: SF_DCERPC2 Version 1.0 <Build 3>
- May 7 13:54:03 mygentoo snort[8878]: Commencing packet processing (pid=8878)
- May 7 13:54:04 mygentoo dhcpcd[3920]: wlp2s0: offered 192.168.43.166 from 192.168.43.1
- May 7 13:54:04 mygentoo dhcpcd[3920]: wlp2s0: probing address 192.168.43.166/24
- May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: leased 192.168.43.166 for 7200 seconds
- May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: adding route to 192.168.43.0/24
- May 7 13:54:09 mygentoo dhcpcd[3920]: wlp2s0: adding default route via 192.168.43.1
- May 7 13:54:14 mygentoo dhcpcd[3920]: wlp2s0: no IPv6 Routers available
- May 7 13:57:05 mygentoo kernel: perf: interrupt took too long (3136 > 3135), lowering kernel.perf_event_max_sample_rate to 63000
- May 7 13:59:01 mygentoo CROND[10232]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
- May 7 14:00:01 mygentoo CROND[10642]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 14:00:01 mygentoo CROND[10641]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 14:05:15 mygentoo kernel: perf: interrupt took too long (3924 > 3920), lowering kernel.perf_event_max_sample_rate to 50000
- May 7 14:10:01 mygentoo CROND[14516]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 14:10:01 mygentoo CROND[14515]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 14:20:01 mygentoo CROND[17810]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 14:20:01 mygentoo CROND[17811]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 14:30:01 mygentoo CROND[19819]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 14:30:01 mygentoo CROND[19820]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 14:40:01 mygentoo CROND[21835]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 14:40:01 mygentoo CROND[21836]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 14:46:19 mygentoo su[23087]: Successful su for root by josephlaptop
- May 7 14:46:19 mygentoo su[23087]: + /dev/pts/1 josephlaptop:root
- May 7 14:46:19 mygentoo su[23087]: pam_unix(su:session): session opened for user root by (uid=1000)
- May 7 14:50:01 mygentoo CROND[23853]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 14:50:01 mygentoo CROND[23852]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 14:59:01 mygentoo CROND[25672]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
- May 7 15:00:01 mygentoo CROND[25877]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 15:00:01 mygentoo CROND[25878]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 15:10:01 mygentoo CROND[27879]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 15:10:01 mygentoo CROND[27878]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 15:20:01 mygentoo CROND[29883]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 15:20:01 mygentoo CROND[29884]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 15:30:01 mygentoo CROND[31886]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 15:30:01 mygentoo CROND[31887]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 15:40:01 mygentoo CROND[1429]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 15:40:01 mygentoo CROND[1430]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 15:50:01 mygentoo CROND[3480]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 15:50:01 mygentoo CROND[3481]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 15:55:48 mygentoo su[4670]: Successful su for root by josephlaptop
- May 7 15:55:48 mygentoo su[4670]: + /dev/pts/2 josephlaptop:root
- May 7 15:55:48 mygentoo su[4670]: pam_unix(su:session): session opened for user root by (uid=1000)
- May 7 15:59:01 mygentoo CROND[15958]: (root) CMD (rm -f /var/spool/cron/lastrun/cron.hourly)
- May 7 16:00:01 mygentoo CROND[16161]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 16:00:01 mygentoo CROND[16162]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 16:10:01 mygentoo CROND[29710]: (root) CMD (test -x /usr/sbin/run-crons && /usr/sbin/run-crons)
- May 7 16:10:01 mygentoo CROND[29711]: (root) CMD (/usr/lib64/sa/sa1 1 1)
- May 7 16:11:13 mygentoo kernel: perf: interrupt took too long (4907 > 4905), lowering kernel.perf_event_max_sample_rate to 40000
- May 7 16:17:14 mygentoo su[23087]: pam_unix(su:session): session closed for user root