Viewing Linux security information
- Terminal login history
last
- SSH logins
cat /var/log/secure | grep -i "accepted password"
- Scheduled tasks (cron)
cat /var/log/cron
- Count the IPs attempting to break in
cat /var/log/secure|awk '/Failed/{print $(NF-3)}'|sort|uniq -c|awk '{print $2"="$1;}'
- Block an IP
echo sshd:183.40.138.224:deny >> /etc/hosts.deny
crontab -e
/var/spool/cron/crontabs
- cat /var/log/secure
Normal login and logout log
Apr 11 16:36:06 bc2 sshd[11280]: Accepted password for root from 13.111.211.40 port 54560 ssh2
Apr 11 16:36:07 bc2 sshd[11280]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 11 16:36:07 bc2 sshd[11283]: Accepted password for root from 13.111.211.40 port 54563 ssh2
Apr 11 16:36:07 bc2 sshd[11283]: pam_unix(sshd:session): session opened for user root by (uid=0)
Apr 11 16:36:17 bc2 sshd[11280]: pam_unix(sshd:session): session closed for user root
Apr 11 16:36:17 bc2 sshd[11283]: pam_unix(sshd:session): session closed for user root
Password enumeration log
Apr 11 16:38:52 bc2 sshd[12063]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 11 16:38:53 bc2 sshd[12063]: Failed password for root from 111.23.72.25 port 45486 ssh2
Apr 11 16:39:07 bc2 sshd[12063]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 11 16:39:09 bc2 sshd[12063]: Failed password for root from 111.23.72.25 port 45486 ssh2
Apr 11 16:39:09 bc2 sshd[12063]: Connection closed by 111.23.72.25 port 45486 [preauth]
Apr 11 16:39:09 bc2 sshd[12063]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.23.72.25 user=root
Apr 11 16:39:19 bc2 sshd[7663]: pam_unix(sshd:session): session closed for user root
Apr 11 16:39:28 bc2 sshd[12351]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=111.23.72.25 user=root
Apr 11 16:39:28 bc2 sshd[12351]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
Apr 11 16:39:30 bc2 sshd[12351]: Failed password for root from 111.23.72.25 port 45524 ssh2
Apr 11 16:39:55 bc2 sshd[12493]: refused connect from 36.153.0.228 (36.153.0.228)
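Added example (not part of the original post): a stricter version of the failed-login count and the hosts.deny step above, run over constructed log lines. The function names, the threshold and allow-list arguments, and the DENY_FILE variable are assumptions made for the illustration.

```shell
#!/bin/sh
# Constructed sample in the /var/log/secure format (documentation-range IPs).
sample_log() {
cat <<'EOF'
Apr 11 16:38:53 bc2 sshd[12063]: Failed password for root from 203.0.113.25 port 45486 ssh2
Apr 11 16:39:09 bc2 sshd[12063]: Failed password for root from 203.0.113.25 port 45486 ssh2
Apr 11 16:39:09 bc2 sshd[12063]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.25 user=root
Apr 11 16:39:30 bc2 sshd[12351]: Failed password for invalid user admin from 203.0.113.25 port 45524 ssh2
Apr 11 16:40:02 bc2 sshd[12400]: Failed password for root from 198.51.100.7 port 50210 ssh2
Apr 11 16:40:10 bc2 sshd[12410]: Accepted password for root from 192.0.2.40 port 54560 ssh2
EOF
}

# failed_by_ip: secure-log lines on stdin -> "ip=count", highest count first.
# Counts only sshd "Failed password" records and checks that the field the
# one-liner reads, $(NF-3), is followed by "port" and looks like an IPv4 address.
failed_by_ip() {
  awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
       $(NF-2) == "port" && $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
         n[$(NF-3)]++
       }
       END { for (ip in n) print ip "=" n[ip] }' | sort -t= -k2,2nr -k1,1
}

# deny_lines THRESHOLD [ALLOWED_IP...]: print hosts.deny entries for addresses
# with at least THRESHOLD failures, skipping allow-listed addresses and entries
# already present in $DENY_FILE (hypothetical variable, default /etc/hosts.deny).
deny_lines() {
  threshold=$1; shift
  allow=" $* "
  failed_by_ip | while IFS='=' read -r ip count; do
    [ "$count" -ge "$threshold" ] || continue
    case "$allow" in *" $ip "*) continue ;; esac
    grep -qxF "sshd:$ip:deny" "${DENY_FILE:-/etc/hosts.deny}" 2>/dev/null && continue
    echo "sshd:$ip:deny"
  done
}

# Print the entries for review; nothing is written to hosts.deny here.
sample_log | deny_lines 3 192.0.2.40
```

hosts.deny only takes effect when sshd is built with TCP wrappers (libwrap) support; the "refused connect from" line in the log above is what a working deny entry produces.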