
I recently took a look into my syslog /var/log/messages and noticed two repeating entries that I don't understand:

The log is full (and I mean full) of:

xrdp[959]: [INFO ] Socket 12: AF_INET connection received from <IP and Port goes here>
xrdp[959]: [DEBUG] Closed socket 12 (AF_INET <IP and Port goes here>)

xrdp and the GUI were installed by me later on.

The second one is from the database:

mariadbd[878]: 975825 [Warning] Access denied for user 'myuser'@'localhost' (using password: YES)

This entry appears in big blocks between other log entries. The IPs are mostly different and 'myuser'@'localhost' doesn't exist in my database. I think I configured something wrong, but I want to rule out that the server is being attacked.

Can someone give me a small hint?

The system:

Virtualization: kvm
Operating System: CentOS Linux 8 (Core)
CPE OS Name: cpe:/o:centos:centos:8
Kernel: Linux 4.18.0-193.19.1.el8_2.x86_64
Architecture: x86-64

1 Answer


Okay, I managed to figure it out myself. For the first issue I just changed the port for RDP and added TLS, as mentioned above.

The syslog spam for the database was the MaxScale package for MariaDB, which was installed at some point but never used. It was also not configured and tried to connect to the DB with a somewhat standard user.
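An added example, not part of the original question or answer: a small triage script for the two message types quoted in the question. It groups xrdp connections by remote peer and splits MariaDB denials by whether the client host is local, since a denial for `'user'@'localhost'` comes from a process on the server itself (here it turned out to be MaxScale). The sample lines are constructed, and the `<address> port <n>` layout after "received from" is an assumption because the question elides it.

```python
import re
from collections import Counter

# Constructed sample lines shaped like the ones quoted in the question.
# Addresses are documentation ranges; the remote 'root' denial is added
# only to contrast with the local ones.
SAMPLE = """\
xrdp[959]: [INFO ] Socket 12: AF_INET connection received from 192.0.2.10 port 50112
xrdp[959]: [DEBUG] Closed socket 12 (AF_INET 192.0.2.10:3389)
xrdp[959]: [INFO ] Socket 12: AF_INET connection received from 198.51.100.7 port 41877
xrdp[959]: [INFO ] Socket 12: AF_INET connection received from 192.0.2.10 port 50114
xrdp[959]: [INFO ] Socket 12: AF_INET connection received from 203.0.113.45 port 60321
mariadbd[878]: 975825 [Warning] Access denied for user 'myuser'@'localhost' (using password: YES)
mariadbd[878]: 975826 [Warning] Access denied for user 'myuser'@'localhost' (using password: YES)
mariadbd[878]: 975827 [Warning] Access denied for user 'root'@'203.0.113.45' (using password: YES)
""".splitlines()

XRDP_CONN = re.compile(
    r"xrdp\[\d+\]: \[INFO \] Socket \d+: AF_INET6? connection received from (\S+)")
DB_DENIED = re.compile(
    r"mariadbd\[\d+\]: \d+ \[Warning\] Access denied for user '([^']*)'@'([^']*)'")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def triage(lines):
    """Count RDP peers and split DB login failures into local vs. remote clients."""
    rdp_peers, db_local, db_remote = Counter(), Counter(), Counter()
    for line in lines:
        if m := XRDP_CONN.search(line):
            rdp_peers[m.group(1)] += 1
        elif m := DB_DENIED.search(line):
            user, host = m.groups()
            bucket = db_local if host in LOCAL_HOSTS else db_remote
            bucket[(user, host)] += 1
    return {"rdp_peers": rdp_peers, "db_local": db_local, "db_remote": db_remote}


if __name__ == "__main__":
    report = triage(SAMPLE)
    print("RDP connections by remote peer:")
    for peer, n in report["rdp_peers"].most_common():
        print(f"  {peer}: {n}")
    print("DB denials from local clients (look for a misconfigured service):")
    for (user, host), n in report["db_local"].items():
        print(f"  {user}@{host}: {n}")
    print("DB denials from remote clients (database port reachable from outside):")
    for (user, host), n in report["db_remote"].items():
        print(f"  {user}@{host}: {n}")
```

Many distinct peers in the first group point to an RDP port exposed to the internet; entries in the second group point to something installed on the host, which can then be tracked down by process or package.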