分页: 1 / 1
请问ubuntu7.04中ssh日志在哪里?
发表于 : 2007-12-02 19:55
由 cmwfox
请问ubuntu7.04中ssh日志在哪里?
发表于 : 2007-12-02 21:17
由 bones7456
grep sshd /var/log/auth.log
发表于 : 2007-12-05 22:09
由 cmwfox
bones7456 写了:grep sshd /var/log/auth.log
谢谢真的在,哈哈.
关于ssh的log
发表于 : 2007-12-19 21:42
由 9981
请问:在/var/log/auth.log中,下面的记录是哪一种等级的风险阿?
.............
Dec 19 18:50:09 ubuntu sshd[4167]: Failed password for invalid user bind from 222.69.93.27 port 48656 ssh2
Dec 19 18:50:09 ubuntu sshd[4169]: Invalid user test from 222.69.93.27
Dec 19 18:50:09 ubuntu sshd[4169]: (pam_unix) check pass; user unknown
Dec 19 18:50:09 ubuntu sshd[4169]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27
Dec 19 18:50:11 ubuntu sshd[4169]: Failed password for invalid user test from 222.69.93.27 port 49595 ssh2
Dec 19 18:50:12 ubuntu sshd[4171]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27 user=root
Dec 19 18:50:14 ubuntu sshd[4171]: Failed password for root from 222.69.93.27 port 50470 ssh2
Dec 19 18:50:14 ubuntu sshd[4173]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27 user=root
Dec 19 18:50:17 ubuntu sshd[4173]: Failed password for root from 222.69.93.27 port 50621 ssh2
Dec 19 18:50:17 ubuntu sshd[4175]: Invalid user user from 222.69.93.27
Dec 19 18:50:17 ubuntu sshd[4175]: (pam_unix) check pass; user unknown
Dec 19 18:50:17 ubuntu sshd[4175]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27
Dec 19 18:50:19 ubuntu sshd[4175]: Failed password for invalid user user from 222.69.93.27 port 51746 ssh2
Dec 19 18:50:19 ubuntu sshd[4177]: Invalid user admin from 222.69.93.27
Dec 19 18:50:19 ubuntu sshd[4177]: (pam_unix) check pass; user unknown
Dec 19 18:50:19 ubuntu sshd[4177]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27
Dec 19 18:50:21 ubuntu sshd[4177]: Failed password for invalid user admin from 222.69.93.27 port 52663 ssh2
Dec 19 18:50:21 ubuntu sshd[4179]: Invalid user administrator from 222.69.93.27
Dec 19 18:50:21 ubuntu sshd[4179]: (pam_unix) check pass; user unknown
Dec 19 18:50:21 ubuntu sshd[4179]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27
Dec 19 18:50:24 ubuntu sshd[4179]: Failed password for invalid user administrator from 222.69.93.27 port 53593 ssh2
Dec 19 18:50:24 ubuntu sshd[4181]: Invalid user operator from 222.69.93.27
Dec 19 18:50:24 ubuntu sshd[4181]: (pam_unix) check pass; user unknown
Dec 19 18:50:24 ubuntu sshd[4181]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.69.93.27
...............
多谢!
发表于 : 2008-02-03 13:30
由 linuxafan
有人在暴力破解ssh远程登录密码,应该针对这个IP配置一下iptables。