Liunx secure日志解读
作者:互联网
常见secure日志
第一种登录不成功
Jul 7 08:18:46 exoa sshd[7666]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.60.172 user=root
Jul 7 08:18:46 exoa sshd[7666]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Jul 7 08:18:48 exoa sshd[7666]: Failed password for root from 192.168.60.172 port 27378 ssh2
第二种登录成功
通过账号密码登录成功
正常登录
less /var/log/secure | grep 'Accepted'
密码有误
less /var/log/secure | grep 'Failed password'
非法的登录尝试
less /var/log/secure | grep 'Did not receive'
注意查看此文件下的文件
/var/spool/cron/*
/etc/crontab
/etc/cron.d/*
/etc/cron.daily/*
/etc/cron.hourly/*
/etc/cron.monthly/*
/etc/cron.weekly/
/etc/anacrontab
/var/spool/anacron/*
/etc/cron.daily/*
标签:sshd,secure,登录,cron,etc,Liunx,var,日志 来源: https://www.cnblogs.com/zhuhuibiao/p/16476251.html