Hello, I just started receiving the following errors in that auth.log. Dec 25 11:35:28 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=admin Dec 25 11:35:39 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=admin Dec 25 11:37:14 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=backup Dec 25 11:38:08 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=bin Dec 25 11:38:18 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=bin Dec 25 11:38:52 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=bind Dec 25 11:39:01 linux1 authdaemond.plain: (pam_unix) authentication failure; logname= uid=0 euid=0 tty= ruser= rhost= user=bind I am not sure what program is writing these in the log. Any help would be greatly appreciated.
Could be a brute-force attack (someone trying common usernames...). You might want to take a look at these tutorials to stop possible brute-force attacks: http://www.howtoforge.com/preventing_ssh_dictionary_attacks_with_denyhosts http://www.howtoforge.com/fail2ban_debian_etch http://www.howtoforge.com/blockhosts_debian_etch
