Auditing the secure log for brute-force logins

Time:2021-3-2

File path

cd /var/log
-rw-------   1 root   root    1200063 Aug 10 20:04 secure

During incident response or when writing monitoring scripts, you can use the following log signatures as a reference

...
Aug 10 09:45:48 Xx-01 sshd[3835443]: Invalid user test from x.x.x.x port 38648
Aug 10 09:45:48 Xx-01 sshd[3835443]: input_userauth_request: invalid user test [preauth]
Aug 10 09:45:48 Xx-01 sshd[3835443]: pam_unix(sshd:auth): check pass; user unknown
Aug 10 09:45:48 Xx-01 sshd[3835443]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x
Aug 10 09:45:49 Xx-01 sshd[3835443]: Failed password for invalid user test from x.x.x.x port 38648 ssh2
Aug 10 09:45:49 Xx-01 sshd[3835443]: Connection closed by x.x.x.x port 38648 [preauth]

# This section is one group: it records that the source IP x.x.x.x and port failed to log in using the user name test
Aug 10 09:46:14 Xx-01 sshd[3835624]: Invalid user test from x.x.x.x port 56747
Aug 10 09:46:14 Xx-01 sshd[3835624]: input_userauth_request: invalid user test [preauth]
Aug 10 09:46:14 Xx-01 sshd[3835624]: pam_unix(sshd:auth): check pass; user unknown  # pam_unix: traditional password verification module
Aug 10 09:46:14 Xx-01 sshd[3835624]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=x.x.x.x  # pam_unix: traditional password verification module
Aug 10 09:46:16 Xx-01 sshd[3835624]: Failed password for invalid user test from x.x.x.x port 56747 ssh2
Aug 10 09:46:16 Xx-01 sshd[3835624]: Connection closed by x.x.x.x port 56747 [preauth]  # connection closed
...
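
For script monitoring, the "Failed password" signature in the excerpt above can be counted per source IP. The Python script below is an added example, not part of the original post; the function names, the threshold of 3 and the sample lines (documentation-range addresses) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "Failed password" signature from the excerpt above. The user name comes from
# the client and may contain spaces, so the greedy group plus the end-of-line
# anchor binds "from IP port N ssh2" to the last occurrence on the line.
FAILED = re.compile(
    r"sshd\[(?P<pid>\d+)\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)

# Constructed sample lines in the same format (not real data).
SAMPLE = """\
Aug 10 09:45:48 Xx-01 sshd[3835443]: Invalid user test from 203.0.113.7 port 38648
Aug 10 09:45:49 Xx-01 sshd[3835443]: Failed password for invalid user test from 203.0.113.7 port 38648 ssh2
Aug 10 09:45:49 Xx-01 sshd[3835443]: Connection closed by 203.0.113.7 port 38648 [preauth]
Aug 10 09:46:16 Xx-01 sshd[3835624]: Failed password for invalid user test from 203.0.113.7 port 56747 ssh2
Aug 10 09:46:40 Xx-01 sshd[3835701]: Failed password for root from 203.0.113.7 port 41230 ssh2
Aug 10 09:47:02 Xx-01 sshd[3835790]: Failed password for invalid user admin from 198.51.100.23 port 50112 ssh2
"""


def summarize(lines):
    """Aggregate failed SSH password attempts per source IP."""
    stats = defaultdict(
        lambda: {"failures": 0, "invalid": 0, "users": set(), "sessions": set()}
    )
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue  # not a failed-password line
        entry = stats[m["ip"]]
        entry["failures"] += 1
        entry["invalid"] += 1 if m["invalid"] else 0  # account does not exist
        entry["users"].add(m["user"])
        entry["sessions"].add(m["pid"])  # lines of one connection share a PID
    return dict(stats)


def suspects(lines, threshold=3):
    """Return source IPs with at least `threshold` failures, sorted."""
    return sorted(ip for ip, s in summarize(lines).items() if s["failures"] >= threshold)


if __name__ == "__main__":
    for ip, s in sorted(summarize(SAMPLE.splitlines()).items()):
        print(ip, s["failures"], "failures,", len(s["sessions"]), "connections,",
              "users:", ",".join(sorted(s["users"])))
    print("over threshold:", suspects(SAMPLE.splitlines()))
```

To run it against the real file, pass `open("/var/log/secure")` to `summarize` as root, since the file is readable only by its owner.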
