我们正在查看此文件/var/logs/auth.logs并显示以下内容:
(问题1 :)这可能是黑客尝试吗?
使用此网站https://www.abuseipdb.com/check/59.173.173.107我可以跟踪IP地址的来源。
(问题2 :)last
和auth.logs有什么区别?
(问题3 :)什么是CRON[17637]
和sshd[17686]
?
(问题4 :)这行是什么意思Received disconnect from 59.173.173.107: 11: Normal Shutdown, Thank you for playing [preauth]
?
(问题5 :)这正常吗?每个人都总是得到这个吗?
Its more related to linux/unix and CRON/SSHD daemons than to E2C itself. It is not a security question.
But to answer... CRON is a daemon - task scheduler - starting tasks on specific events (i.e. once a day). The record in log says the CRON started a session with root privileges to run some scheduled tasks and ended the session afterwards.
Yes, this is normal.
SSHD is console used to remotely connect to and manage the server. Somebody from China was trying to connect and get authenticated to the SSH console (unsuccessfully). Normal shutdown means that remote client sent a TCP FIN packet so the TCP connection was correctly closed (server didn't need to wait for the timeout). Normal shutdown means the client has sent a request to shutdown the ssh connection with the message specifying the reason for shutdown. Thanks for playing is just a common message hardcoded in the ssh client. See also https://serverfault.com/a/563303 for details.
And yes, its normal that somebody is trying to connect to your server and log in. It is good practice to limit access to administrative interfaces to authorised IP addresses only using the firewall.
关于“最后”,请键入“ man last”以获取答案。
另外,下次您提出要求之前,请尝试自行进行一些研究。IE
https://www.digitalocean.com/community/tutorials/how-to-monitor-system-authentication-logs-on-ubuntu
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句