檔案路徑
cd /var/log
-rw------- 1 root root 1200063 Aug 10 20:04 secure
做應急回應,或者做腳本監控的時候,都可以參考如下特征
...
Aug 10 09:45:48 Xx-01 sshd[3835443]: Invalid user test from x.x.x.x port 38648
Aug 10 09:45:48 Xx-01 sshd[3835443]: input_userauth_request: invalid user test [preauth]
Aug 10 09:45:48 Xx-01 sshd[3835443]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 09:45:48 Xx-01 sshd[3835443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
Aug 10 09:45:49 Xx-01 sshd[3835443]: Failed password for invalid user test from x.x.x.x port 38648 ssh2
Aug 10 09:45:49 Xx-01 sshd[3835443]: Connection closed by x.x.x.x port 38648 [preauth]
# 這一段為一組,都是描述來源x.x.x.x的ip、埠使用test 用戶名登陸失敗
Aug 10 09:46:14 Xx-01 sshd[3835624]: Invalid user test from x.x.x.x port 56747
Aug 10 09:46:14 Xx-01 sshd[3835624]: input_userauth_request: invalid user test [preauth]
Aug 10 09:46:14 Xx-01 sshd[3835624]: pam_unix(sshd:auth): check pass; user unknown # pam_unix 傳統密碼驗證模塊
Aug 10 09:46:14 Xx-01 sshd[3835624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x # pam_unix 傳統密碼驗證模塊
Aug 10 09:46:16 Xx-01 sshd[3835624]: Failed password for invalid user test from x.x.x.x port 56747 ssh2 # 密碼錯誤
Aug 10 09:46:16 Xx-01 sshd[3835624]: Connection closed by x.x.x.x port 56747 [preauth] # 連接關閉
...
轉載請註明出處,本文鏈接:https://www.uj5u.com/caozuo/6478.html
標籤:Linux
上一篇:linux 創建SWAP磁區
下一篇:聊聊虛擬記憶體