0

I just ran netstat -vatn and found there was a connection ESTABLISHED on :22 from my IP and another unknown IP. Moments later I ran it again and found the connection was gone.

I have a default installation of openssh-server-5.3 that runs on port 22. I just installed this server and have not given out any access to anyone. Wouldn't this mean someone has just accessed my server?

N0M3
  • 115

2 Answers

2

Yes, but that doesn't mean he was able to log in.
It was probably someone trying to log in with common passwords.
Even for trying to log in, the connection needs to be established, of course.

Check /var/log/secure for more information.

faker
  • 17,686
2

I can see from your post history that you are attempting to install a secure Linux server and I sense you are not very experienced with this stuff.

My first tip is: take a deep breath, remain cool. Even if you see some scary warning messages in the logs, the chances are that they are just that, warnings. Many, many, MANY Linux servers are already running in the interwebz. The days of simple hacks where a default installation would be 0wn3d in seconds are long gone. CentOS, by default, is very secure unless you did something really stupid, such as allowing ssh root logins and setting up the password to be "password" or equivalently simple.

My second tip is: all kinds of port scans/ssh login attempts/www weakness attempts/whatever are tried all the time. Attackers and botnets are doing that en masse, ignoring the protected targets and utilizing the vulnerable ones. I'm confident your default CentOS installation is safe enough, but of course you can see your /var/log and look out for suspicious lines. Again, lines such as POSSIBLE BREAK-IN ATTEMPT are not the end of the world, just a warning.

My third tip is: should you have any questions, please post them there with enough detail. A question with only a couple of lines is impossible to answer. We are gurus, yes, but not mentalists or psychics.
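Both answers point at the logs to tell a login attempt from a login. The following is an added example, not code from either answer: a small Python summary of sshd messages of the kind written to /var/log/secure, separating failed attempts and reverse-DNS warnings from accepted logins. The sample lines are constructed, and the function names `summarize` and `unexpected_logins` are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the sshd syslog format (documentation-range addresses).
SAMPLE_LOG = """\
Mar  3 10:15:01 web1 sshd[1234]: reverse mapping checking getaddrinfo for host.example.invalid [203.0.113.7] failed - POSSIBLE BREAK-IN ATTEMPT!
Mar  3 10:15:02 web1 sshd[1234]: Failed password for root from 203.0.113.7 port 51234 ssh2
Mar  3 10:15:04 web1 sshd[1236]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Mar  3 10:15:06 web1 sshd[1238]: Failed password for invalid user test from 203.0.113.7 port 51246 ssh2
Mar  3 10:20:11 web1 sshd[1300]: Accepted password for alice from 198.51.100.20 port 40022 ssh2
"""

MSG = re.compile(r" sshd\[\d+\]: (.*)$")
ACCEPTED = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
# The attempted user name is client-supplied text, so take the last " from " on the line.
FAILED = re.compile(r"Failed \S+ for .* from (\S+) port \d+")
WARNING = re.compile(r"reverse mapping checking getaddrinfo for \S+ \[(\S+)\] failed - POSSIBLE BREAK-IN ATTEMPT")

def summarize(log_text):
    """Per source address: failed attempts, successful logins, reverse-DNS warnings."""
    stats = defaultdict(lambda: {"failed": 0, "accepted": [], "warnings": 0})
    for line in log_text.splitlines():
        found = MSG.search(line)
        if not found:
            continue  # not an sshd line
        msg = found.group(1)  # match from the start of sshd's own message only
        if m := ACCEPTED.match(msg):
            method, user, ip = m.groups()
            stats[ip]["accepted"].append((user, method))
        elif m := FAILED.match(msg):
            stats[m.group(1)]["failed"] += 1
        elif m := WARNING.match(msg):
            stats[m.group(1)]["warnings"] += 1
    return dict(stats)

def unexpected_logins(stats, known_ips):
    """Successful logins from addresses you do not recognise; these are what matter."""
    return sorted((ip, user, method) for ip, s in stats.items()
                  if ip not in known_ips for user, method in s["accepted"])

if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)  # on a real host, read /var/log/secure instead
    for ip, s in sorted(stats.items()):
        print(ip, "failed:", s["failed"], "accepted:", s["accepted"], "warnings:", s["warnings"])
    print("unexpected logins:", unexpected_logins(stats, known_ips={"198.51.100.20"}))
```

An address that shows only failures and warnings established a connection without logging in; an "Accepted" line from an address you do not recognise is the case to investigate.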