Initial cross-server log inventory + anomaly scan
- 10 hosts (mo1, ams, ams2, ro1, ca1, ca2, ca3, fr1, sony, termux)
- discover-logs.sh: portable inventory (Linux/FreeBSD/Termux)
- scan-anomalies.sh: ERROR/WARN/CRITICAL counts + journalctl + kubectl
- run-all.sh: parallel SSH fan-out
- build-summary.py: aggregates into reports/SUMMARY.md
- 5 HIGH-severity findings identified on ro1 (apache scanner traffic, mount_monitor warnings)
79
anomalies/mo1.txt
Normal file
@@ -0,0 +1,79 @@
=== Anomaly scan: mo1.3z8.pw (2026-04-10T21:46:10Z) ===
--- journalctl -p err --since '24 hours ago' ---
Apr 09 23:02:18 mo1.3z8.pw sudo[1989355]: pam_unix(sudo:auth): conversation failed
Apr 09 23:02:18 mo1.3z8.pw sudo[1989355]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 09 23:16:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 09 23:33:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 09 23:59:51 mo1.3z8.pw sudo[4140045]: pam_unix(sudo:auth): conversation failed
Apr 09 23:59:51 mo1.3z8.pw sudo[4140045]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 10 00:02:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 00:49:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 01:00:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 01:05:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 01:10:33 mo1.3z8.pw sudo[2570337]: pam_unix(sudo:auth): conversation failed
Apr 10 01:10:33 mo1.3z8.pw sudo[2570337]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 10 02:16:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 03:51:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 04:08:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 05:01:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 05:36:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 05:59:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 07:19:31 mo1.3z8.pw sudo[3980992]: pam_unix(sudo:auth): conversation failed
Apr 10 07:19:31 mo1.3z8.pw sudo[3980992]: pam_unix(sudo:auth): auth could not identify password for [rpert]
Apr 10 09:52:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 10:21:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 10:56:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 11:07:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 11:42:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 12:11:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 12:16:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 12:57:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:08:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:13:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:36:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 13:41:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 14:34:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 14:39:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 15:14:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 15:31:15 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
Apr 10 15:36:16 mo1.3z8.pw systemd[11617]: Failed to start mbsync.service - Mailbox synchronization (mbsync).
--- kubectl get events --all-namespaces (warnings) ---
--- recent log files (mtime < 7d) ---
--- /var/log disk usage ---
822M /var/log
524K /var/log/kern.log.1
600K /var/log/auth.log.2.gz
908K /var/log/auth.log.3.gz
1016K /var/log/btmp
1.1M /var/log/auth.log.4.gz
1.5M /var/log/syslog.4.gz
2.3M /var/log/auth.log
3.0M /var/log/syslog.2.gz
4.3M /var/log/auth.log.1
6.9M /var/log/syslog.3.gz
18M /var/log/rclone-media.log
23M /var/log/btmp.1
39M /var/log/syslog.1
65M /var/log/syslog
655M /var/log/journal
--- top 15 largest files under /var/log ---
916304891 /var/log
740593040 /var/log/journal
740588944 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4
128611656 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-0000000000074a21-00064d0e5525584b.journal
109051904 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system.journal
75985176 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-000000000013e463-00064e5f5e0e5175.journal
74216752 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-000000000010fac9-00064e02e1bb1c0d.journal
70106232 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@988ab89fd22f4f208176d25bc2f2470d-00000000000db4af-00064d7f051b8ba1.journal
67501427 /var/log/syslog
58720256 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/system@00064d7ec2d5b400-62e4a0e0b73c867c.journal~
46971424 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-00000000000db4ec-00064d7f051d3e37.journal
45807768 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-000000000013e47d-00064e5f64861672.journal
40099593 /var/log/syslog.1
28811960 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@01eac76beb704389b4f9ca118b11b2f8-000000000010fad6-00064e02e39cd4e3.journal
25165824 /var/log/journal/a9f1f6828f9a4d60a85e1079cc2c6bc4/user-1001@00064d7ec2f1014e-21c53d09549b2cc2.journal~
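Review bot: The "top 15 largest files under /var/log" section opens with three directories (/var/log, /var/log/journal and the machine-id directory beneath it), so directory totals take slots meant for files and only 12 real files are listed; restrict the listing to regular files before sorting. The "recent log files (mtime < 7d)" section is empty, which is hard to reconcile with journal entries dated Apr 10 in the same report, so the mtime test or search path in scan-anomalies.sh deserves a check, and the empty kubectl section should say whether kubectl was absent or simply returned no warnings. The journalctl section repeats the same mbsync.service failure once per occurrence; collapsing identical messages to a count with first and last timestamps would keep the four sudo pam_unix failures for [rpert] visible instead of buried. Finally, this file commits a local username, per-session PIDs and the journald machine-id path to the repository; consider redacting these in the scanner output or keeping anomalies/ out of version control and committing only reports/SUMMARY.md.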