How am I doing and what are these PAM errors?

[Rastar]

CommuniGate Pro sends these nice logs to me but I don't understand what it is they are missing? Is there someone who can make this greek clear?

*This message was transferred with a trial version of CommuniGate(tm)
Pro*


################## LogWatch 2.1.1 Begin #####################


--------------------- ModProbe Begin ------------------------

Can't locate these modules:
synth0: 2 Time(s)

**Unmatched Entries**
modprobe: Can't locate module sound-service-0-0: 5 Time(s)
modprobe: Can't locate module sound-service-1-0: 10 Time(s)
modprobe: Can't locate module sound-slot-1: 10 Time(s)


---------------------- ModProbe End -------------------------



--------------------- Named Begin ------------------------

**Unmatched Entries**
command channel listening on 127.0.0.1#953: 5 Time(s)
loading configuration from '/etc/named.conf': 5 Time(s)
named shutdown succeeded: 5 Time(s)
named startup succeeded: 5 Time(s)
no IPv6 interfaces found: 5 Time(s)
no longer listening on 127.0.0.1#53: 5 Time(s)
no longer listening on 192.168.1.100#53: 5 Time(s)
running: 5 Time(s)
shutting down: 5 Time(s)
starting BIND 9.1.3 -u named: 5 Time(s)
the default for the 'auth-nxdomain' option is now 'no': 5 Time(s)
using 1 CPU: 5 Time(s)


---------------------- Named End -------------------------

Next days Log

--------------------- ftpd-messages Begin ------------------------

User FTP Logins:
AC832F97.ipt.aol.com (172.131.47.151): valar - 2 Time(s)

**Unmatched Entries**
USER valar
PASS password
PWD
SYST
PASV
PORT
LIST
USER valar
PASS password
PWD
SYST
TYPE ASCII
PASV
PORT
LIST
TYPE Image
PASV
PORT
STOR WorldPeace.txt
MDTM 20020313014720 WorldPeace.txt
PWD
TYPE ASCII
PASV
PORT
LIST


---------------------- ftpd-messages End -------------------------



---------------- Connections (secure-log) Begin -------------------

Connections:
Service ftp:
172.131.47.151: 2 Time(s)

**Unmatched Entries**
Mar 12 00:00:32 btshadows sshd[27797]: Accepted password for duncan
from 209.128.195.49 port 1230
Mar 12 00:54:04 btshadows sshd[28541]: Accepted password for duncan
from 209.128.195.50 port 1670
Mar 12 11:04:56 btshadows sshd[4977]: scanned from 132.206.213.41 with
SSH-1.0-SSH_Version_Mapper. Don't panic.
Mar 12 11:04:56 btshadows sshd[4976]: Did not receive identification
string from 132.206.213.41.
Mar 12 13:30:37 btshadows sshd[6892]: PAM pam_set_item: NULL pam handle
passed
Mar 12 13:30:42 btshadows sshd[6892]: PAM pam_set_item: NULL pam handle
passed
Mar 12 13:30:42 btshadows sshd[6892]: Failed password for illegal user
loethe from 172.144.178.191 port 1092
Mar 12 13:30:45 btshadows sshd[6892]: PAM pam_set_item: NULL pam handle
passed
Mar 12 13:30:45 btshadows sshd[6892]: Failed password for illegal user
loethe from 172.144.178.191 port 1092
Mar 12 13:30:47 btshadows sshd[6892]: PAM pam_set_item: NULL pam handle
passed
Mar 12 13:30:47 btshadows sshd[6892]: Failed password for illegal user
loethe from 172.144.178.191 port 1092
Mar 12 13:30:49 btshadows sshd[6892]: PAM pam_set_item: NULL pam handle
passed
Mar 12 13:30:49 btshadows sshd[6892]: Failed password for illegal user
loethe from 172.144.178.191 port 1092

[andrzej]

PAM - Pluggable Authentication Modules.

Someone was trying to log into your ssh server. As the username he used doesn't exist on your system, ssh passed to PAM "null handle". (A "handle", I think is something than should identify the user). PAM responds that the user with a null handle is "illegal" (non-existent), therefore the password fails and PAM refuses to authenticate it. sshd rejects the connection then.

Nothing to worry about, except that someone was trying to log in.

[andrzej]

One more thing - someone was testing your sshd version, probably wanting to exploit the zlib bug recently found. Hope you keep your sshd up to date (or use version 1.x.x).