  • Auditing brute-force logins with the secure log

    File path

    cd /var/log
    -rw-------   1 root   root    1200063 Aug 10 20:04 secure
    

    When doing incident response or writing a monitoring script, you can use the following signatures as a reference.

    ...
    Aug 10 09:45:48 Xx-01 sshd[3835443]: Invalid user test from x.x.x.x port 38648
    Aug 10 09:45:48 Xx-01 sshd[3835443]: input_userauth_request: invalid user test [preauth]
    Aug 10 09:45:48 Xx-01 sshd[3835443]: pam_unix(sshd:auth): check pass; user unknown
    Aug 10 09:45:48 Xx-01 sshd[3835443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
    Aug 10 09:45:49 Xx-01 sshd[3835443]: Failed password for invalid user test from x.x.x.x port 38648 ssh2
    Aug 10 09:45:49 Xx-01 sshd[3835443]: Connection closed by x.x.x.x port 38648 [preauth]
    
    # This block is one group: every line describes a failed login as user test from source IP x.x.x.x and its port
    Aug 10 09:46:14 Xx-01 sshd[3835624]: Invalid user test from x.x.x.x port 56747
    Aug 10 09:46:14 Xx-01 sshd[3835624]: input_userauth_request: invalid user test [preauth]
    Aug 10 09:46:14 Xx-01 sshd[3835624]: pam_unix(sshd:auth): check pass; user unknown  # pam_unix: the traditional password authentication module
    Aug 10 09:46:14 Xx-01 sshd[3835624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x  # pam_unix: the traditional password authentication module
    Aug 10 09:46:16 Xx-01 sshd[3835624]: Failed password for invalid user test from x.x.x.x port 56747 ssh2 # wrong password
    Aug 10 09:46:16 Xx-01 sshd[3835624]: Connection closed by x.x.x.x port 56747 [preauth] # connection closed
    ...
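
The signature above turned into a monitoring check, as an added example that is not from the original post: it extracts each `Failed password` line, keeps the sshd PID that ties one group of lines together, and counts failures per source IP. The sample log, the host name, the RFC 5737 addresses and the threshold of 3 are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the format of /var/log/secure (RFC 5737 documentation addresses).
SAMPLE = """\
Aug 10 09:45:48 host-01 sshd[1001]: Invalid user test from 203.0.113.7 port 38648
Aug 10 09:45:48 host-01 sshd[1001]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 09:45:49 host-01 sshd[1001]: Failed password for invalid user test from 203.0.113.7 port 38648 ssh2
Aug 10 09:45:49 host-01 sshd[1001]: Connection closed by 203.0.113.7 port 38648 [preauth]
Aug 10 09:46:14 host-01 sshd[1002]: Invalid user admin from 203.0.113.7 port 56747
Aug 10 09:46:16 host-01 sshd[1002]: Failed password for invalid user admin from 203.0.113.7 port 56747 ssh2
Aug 10 09:46:40 host-01 sshd[1003]: Failed password for invalid user oracle from 203.0.113.7 port 40112 ssh2
Aug 10 09:50:02 host-01 sshd[1004]: Failed password for root from 198.51.100.23 port 50222 ssh2
"""

LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# The user name is remote-supplied text: match it greedily and anchor on the line's end.
FAILED = re.compile(r"^Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
                    r"from (?P<ip>\S+) port (?P<port>\d+) ssh2$")

def failed_logins(text):
    """Yield one dict per 'Failed password' line; the sshd PID ties it to its group."""
    for line in text.splitlines():
        m = LINE.match(line)
        f = m and FAILED.match(m["msg"])
        if f:
            yield {"pid": int(m["pid"]), "ip": f["ip"], "user": f["user"],
                   "invalid_user": f["invalid"] is not None}

def summarize(text, threshold=3):
    """Per source IP: failure count, user names tried, sshd PIDs; flag at threshold."""
    stats = defaultdict(lambda: {"failures": 0, "users": set(), "pids": set()})
    for ev in failed_logins(text):
        s = stats[ev["ip"]]
        s["failures"] += 1
        s["users"].add(ev["user"])
        s["pids"].add(ev["pid"])
    for s in stats.values():
        s["flagged"] = s["failures"] >= threshold  # threshold is an assumed value
    return dict(stats)

if __name__ == "__main__":
    for ip, s in summarize(SAMPLE).items():
        print(ip, s["failures"], sorted(s["users"]), "FLAG" if s["flagged"] else "")
```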
    
  • Original address: https://www.cnblogs.com/mysticbinary/p/13471931.html