Hello, I want to ask on what just happened and what does these means? I was alarmed by auth could not identify password and I think I'm being attacked. Earlier, I keep on encountering webpages not loading incompletely nor properly. After searching about it, I suspect that I have DNS cache poisoning but wasn't too sure. Although I did check my DNS cache and it was 700+. I've also found about the SIGHUP restarting because either something or someone changed the configuration and I don't know about it nor how to do it.
Anyway about the log, I thought the SIGHUP was caused by my putting a Google DNS but the SIGHUPs occured earlier than that and I would like to know what does this mean and what's happening.
I had installed Ubuntu using a USB on a formerly Windows laptop.
Code:
Oct 18 04:46:38 ubuntu-dynabook-Satellite-L20-253E-W sudo: ubuntu : TTY=pts/0 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/usr/bin/systemd-resolve --statisticsOct 18 04:46:40 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:session): session opened for user root by (uid=0)
Oct 18 04:46:40 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:session): session closed for user root
Oct 18 05:11:41 ubuntu-dynabook-Satellite-L20-253E-W dbus-daemon[804]: [system] Failed to activate service 'org.freedesktop.nm_dispatcher': timed out (service_start_timeout=25000ms)
Oct 18 05:11:41 ubuntu-dynabook-Satellite-L20-253E-W dbus-daemon[804]: [system] Failed to activate service 'org.freedesktop.nm_dispatcher': timed out (service_start_timeout=25000ms)
Oct 18 05:13:57 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 05:13:57 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 05:13:57 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 05:17:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[14776]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 18 05:17:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[14776]: pam_unix(cron:session): session closed for user root
Oct 18 05:22:28 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 05:22:28 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 05:22:28 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 06:14:01 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 06:14:01 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 06:14:01 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 06:16:39 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:auth): conversation failed
Oct 18 06:16:39 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:auth): auth could not identify password for [ubuntu]
Oct 18 06:17:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[17378]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 18 06:17:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[17378]: pam_unix(cron:session): session closed for user root
Oct 18 06:25:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[17686]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 18 06:25:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[17686]: pam_unix(cron:session): session closed for user root
Oct 18 06:27:49 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 06:27:49 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 06:27:49 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 06:27:49 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 06:27:49 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 06:27:49 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 06:42:01 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 06:42:01 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 06:42:01 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 06:55:05 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Received SIGHUP; restarting.
Oct 18 06:55:05 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on 0.0.0.0 port 22.
Oct 18 06:55:05 ubuntu-dynabook-Satellite-L20-253E-W sshd[958]: Server listening on :: port 22.
Oct 18 07:08:10 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:auth): conversation failed
Oct 18 07:08:10 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:auth): auth could not identify password for [ubuntu]
Oct 18 07:16:30 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:auth): conversation failed
Oct 18 07:16:30 ubuntu-dynabook-Satellite-L20-253E-W sudo: pam_unix(sudo:auth): auth could not identify password for [ubuntu]
Oct 18 07:17:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[21773]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 18 07:17:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[21773]: pam_unix(cron:session): session closed for user root
Oct 18 07:30:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[22175]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 18 07:30:01 ubuntu-dynabook-Satellite-L20-253E-W CRON[22175]: pam_unix(cron:session): session closed for user root
Also here's my last commandline
Code:
ubuntu :0 :0 Thu Oct 18 02:01 still logged inreboot system boot 4.15.0-36-generi Thu Oct 18 01:59 still running
ubuntu :0 :0 Wed Oct 17 20:07 - down (04:41)
reboot system boot 4.15.0-29-generi Wed Oct 17 20:06 - 00:48 (04:42)
ubuntu :0 :0 Wed Oct 17 20:02 - 20:05 (00:03)
reboot system boot 4.15.0-29-generi Wed Oct 17 20:00 - 20:05 (00:04)
Am I being attacked or hacked?
EDIT: Just found this in the last commandline, didn't see it earlier
Code:
wtmp begins Wed Oct 17 20:00:59 2018
Bookmarks