messaggio nei file di log

[davide119]

Ho reinstallato una Slack 9.0 con i relativi aggiornamenti del sistema ed ho installato portsentry come controllo sulle porte, ho disattivato sshd e telnet.
Credevo di essere abbastanza protetto.
Nei file di log mi ritrovo

May 24 15:12:42 server50 -- MARK --

Stanno provando ad entrare nel mio server?? Sono gia' entrati??
Vorrei capire di cosa si tratta. Qualcuno a qualche indicazioni???


di seguito un estratto dei miei file di log

May 14 16:01:31 #server50 kernel: usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
May 14 16:21:29 #server50 -- MARK --
May 14 16:41:29 #server50 -- MARK --
May 14 17:01:29 #server50 -- MARK --

May 14 17:14:50 #server50 kernel: usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
May 14 17:14:53 #server50 sshd[247]: Server listening on 0.0.0.0 port 22.
May 14 17:34:48 #server50 -- MARK --
May 14 17:54:48 #server50 -- MARK --
May 14 18:26:21 #server50 kernel: usb-uhci.c: v1.275:USB Universal Host Controller Interface driver

May 14 18:29:43 #server50 kernel: UMSDOS 0.86k (compatibility level 0.4, fast msdos)
May 14 18:30:24 #server50 mc: /dev/gpmctl: No such file or directory
May 14 18:46:19 #server50 -- MARK --

May 15 08:42:42 #server50 kernel: usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
May 15 08:48:50 #server50 kernel: UMSDOS 0.86k (compatibility level 0.4, fast msdos)
May 15 09:02:40 #server50 -- MARK --
May 15 09:10:13 #server50 kernel: UMSDOS 0.86k (compatibility level 0.4, fast msdos)
May 15 09:22:40 #server50 -- MARK --
May 15 09:42:40 #server50 -- MARK --
May 15 10:02:40 #server50 -- MARK --

May 15 14:22:33 server50 kernel: usb-uhci.c: v1.275:USB Universal Host Controller Interface driver
May 15 14:42:31 server50 -- MARK --
May 15 15:02:31 server50 -- MARK --
May 15 15:20:42 server50 kernel: UMSDOS 0.86k (compatibility level 0.4, fast msdos)
May 15 15:20:54 server50 mc: /dev/gpmctl: No such file or directory
May 15 15:24:38 server50 portsentry[530]: adminalert: PortSentry 1.2 is starting.

May 15 15:31:11 server50 portsentry[272]: adminalert: PortSentry is now active and listening.
May 15 15:44:25 server50 kernel: UMSDOS 0.86k (compatibility level 0.4, fast msdos)
May 15 15:44:58 server50 mc: /dev/gpmctl: No such file or directory
May 15 16:10:49 server50 -- MARK --
May 15 16:30:49 server50 -- MARK --

May 24 14:13:10 server50 portsentry[285]: adminalert: PortSentry is now active and listening.
May 24 14:32:42 server50 -- MARK --
May 24 14:52:42 server50 -- MARK --
May 24 15:12:42 server50 -- MARK --

[Ikitt]

Originariamente inviato da davide119
Credevo di essere abbastanza protetto.
Nei file di log mi ritrovo

May 24 15:12:42 server50 -- MARK --

Stanno provando ad entrare nel mio server?? Sono gia' entrati??
Vorrei capire di cosa si tratta. Qualcuno a qualche indicazioni???

<cite src="man syslogd">

codice:

       -m interval
              The syslogd logs a mark timestamp regularly.  The default inter-
              val  between  two  --  MARK -- lines is 20 minutes.  This can be
              changed with this option.  Setting the interval to zero turns it
              off entirely.

</cite>

[davide119]

Grazie per le informazioni. Ho apportato le modifiche.