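Checking logs is a good habit. Linux has log files too, in the two files /var/log/messages and /var/log/secure. In the check below, I found that someone tried to log in over ssh as root, but the password was incorrect.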
[root@localhost log]# pwd
/var/log
[root@localhost log]# more messages
Nov 4 17:08:03 localhost syslogd 1.4.1: restart.
Nov 4 17:25:53 localhost sshd(pam_unix)[9897]: session opened for user root by root(uid=0)
Nov 4 17:28:09 localhost sshd: sshd -TERM succeeded
Nov 4 17:28:09 localhost sshd: succeeded
Nov 5 15:20:24 localhost sshd(pam_unix)[10474]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.20.100.110 user=root
Nov 5 15:20:32 localhost sshd(pam_unix)[10476]: session opened for user root by root(uid=0)
[root@localhost log]# more secure
Nov 4 17:25:52 localhost sshd[9895]: Address 10.20.100.110 maps to localhost, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 4 17:25:52 localhost sshd[9895]: Accepted password for root from ::ffff:10.20.100.110 port 2031 ssh2
Nov 4 17:28:09 localhost sshd[5226]: Received signal 15; terminating.
Nov 4 17:28:09 localhost sshd[9943]: Server listening on :: port 2501.
Nov 4 17:28:09 localhost sshd[9943]: error: Bind to port 2501 on 0.0.0.0 failed: Address already in use.
Nov 5 15:20:24 localhost sshd[10474]: Address 10.20.100.110 maps to localhost, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!
Nov 5 15:20:26 localhost sshd[10474]: Failed password for root from ::ffff:10.20.100.110 port 2779 ssh2
Nov 5 15:20:32 localhost sshd[10474]: Accepted password for root from ::ffff:10.20.100.110 port 2779 ssh2
[root@localhost log]#
This article comes from the ChinaUnix blog; to view the original, see: http://blog.chinaunix.net/u3/105400/showart_2087083.html
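The manual review above can be scripted. The following is an added example, not part of the original post: it counts root password events per source address in sshd lines of the format shown in /var/log/secure, and flags any source where a failed attempt is followed by an accepted login, as in the Nov 5 lines above. The function names `sample_secure` and `root_ssh_summary` are hypothetical; the sample input is copied from the post's own output.

```shell
#!/bin/sh
# Added example (not from the original post).
# sample_secure: sshd lines copied from the `more secure` output above.
sample_secure() {
cat <<'EOF'
Nov 4 17:25:52 localhost sshd[9895]: Accepted password for root from ::ffff:10.20.100.110 port 2031 ssh2
Nov 4 17:28:09 localhost sshd[5226]: Received signal 15; terminating.
Nov 5 15:20:26 localhost sshd[10474]: Failed password for root from ::ffff:10.20.100.110 port 2779 ssh2
Nov 5 15:20:32 localhost sshd[10474]: Accepted password for root from ::ffff:10.20.100.110 port 2779 ssh2
EOF
}

# root_ssh_summary (hypothetical name): reads sshd log lines on stdin and
# prints one line per source address:
#   <source> failed=<n> accepted=<n> [FAILED_THEN_ACCEPTED]
# Only "Failed/Accepted password for root from <addr>" lines are counted.
root_ssh_summary() {
  awk '
    $5 ~ /^sshd\[/ && $7 == "password" && $8 == "for" && $9 == "root" && $10 == "from" {
      src = $11
      sub(/^::ffff:/, "", src)            # strip the IPv4-mapped IPv6 prefix
      if ($6 == "Failed") {
        failed[src]++; pending[src]++; seen[src] = 1
      } else if ($6 == "Accepted") {
        accepted[src]++; seen[src] = 1
        # A success right after outstanding failures deserves a closer look.
        if (pending[src] > 0) flag[src] = 1
        pending[src] = 0
      }
    }
    END {
      for (s in seen)
        printf "%s failed=%d accepted=%d%s\n", s, failed[s], accepted[s], (flag[s] ? " FAILED_THEN_ACCEPTED" : "")
    }' | sort
}

# Run against the sample; on a live host use: root_ssh_summary < /var/log/secure
sample_secure | root_ssh_summary
```

A flagged source is not proof of compromise (an administrator may have mistyped the password), but it is the case to check first against who was expected to log in from that address.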