0

Anyone knows what are the highlihtet lines mean?

Jun 17 22:20:03 webserver sshd[29519]: Invalid user pi from 197.44.122.204 port 42716
Jun 17 22:20:03 webserver sshd[29519]: input_userauth_request: invalid user pi [preauth]
Jun 17 22:20:03 webserver sshd[29519]: Connection closed by 197.44.122.204 port 42716 [preauth]
Jun 17 22:20:03 webserver sshd[29524]: Invalid user pi from 197.44.122.204 port 42718
Jun 17 22:20:03 webserver sshd[29524]: input_userauth_request: invalid user pi [preauth]
Jun 17 22:20:03 webserver sshd[29524]: Connection closed by 197.44.122.204 port 42718 [preauth]
<---FROM HERE
Jun 17 23:01:24 webserver polkitd[499]: Loading rules from directory /etc/polkit-1/rules.d
Jun 17 23:01:24 webserver polkitd[499]: Loading rules from directory /usr/share/polkit-1/rules.d
Jun 17 23:01:24 webserver polkitd[499]: Finished loading, compiling and executing 2 rules
Jun 17 23:01:24 webserver polkitd[499]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
Jun 17 23:01:27 webserver sshd[887]: Server listening on 0.0.0.0 port 22.
Jun 17 23:01:27 webserver sshd[887]: Server listening on :: port 22.
TO HERE--->
Jun 17 23:21:54 webserver sshd[3355]: Received disconnect from 68.183.80.224 port 42660:11: Bye Bye [preauth]
Jun 17 23:21:54 webserver sshd[3355]: Disconnected from 68.183.80.224 port 42660 [preauth]
Jun 17 23:21:55 webserver sshd[3357]: Invalid user admin from 68.183.80.224 port 44154
Jun 17 23:21:55 webserver sshd[3357]: input_userauth_request: invalid user admin [preauth]
Jun 17 23:21:55 webserver sshd[3357]: Received disconnect from 68.183.80.224 port 44154:11: Bye Bye [preauth]
Jun 17 23:21:55 webserver sshd[3357]: Disconnected from 68.183.80.224 port 44154 [preauth]
Jun 17 23:21:57 webserver sshd[3359]: Invalid user admin from 68.183.80.224 port 45566
Jun 17 23:21:57 webserver sshd[3359]: input_userauth_request: invalid user admin [preauth]

I have a webserver running on this machine with NginX, PHP, MySQL, etc... and somehow from this date, the webapplications are unable to enter the database, while I'm able to do so in the terminal. I just hope it is a MySQL glitch, but I'm unable to recognise the highlighted lines from my secure log. Anyone know what could it be?

Bert
  • 984
  • 1
  • 11
  • 29
  • 2
    You're asking the wrong question. You should be asking why your applications can't connect to the database. – Michael Hampton Jun 18 '19 at 05:40
  • That is solved: Selinux turned on and the previous sysadmin forgot to add `setsebool -P httpd_can_network_connect_db 1`. But I'm more concerned about the secure log right now – Bert Jun 18 '19 at 05:49

0 Answers0