We took a look at our /var/logs/auth.logs file and it shows the following.
(Question 1:) Is this a possible hacking attempt?
We can use this website, https://www.abuseipdb.com/check/59.173.173.107, to trace the origin of the IP address.
(Question 2:) What is the difference between last and auth.logs?
(Question 3:) What are CRON[17637] and sshd[17686]?
(Question 4:) What does this line mean: Received disconnect from 59.173.173.107: 11: Normal Shutdown, Thank you for playing [preauth]?
(Question 5:) Is this normal? Does everyone get this all the time?
It's more related to linux/unix and CRON/SSHD daemons than to E2C itself. It is not a security question.
But to answer... CRON is a daemon - task scheduler - starting tasks on specific events (i.e. once a day). The record in log says the CRON started a session with root privileges to run some scheduled tasks and ended the session afterwards.
Yes, this is normal.
SSHD is a console used to remotely connect to and manage the server. Somebody from China was trying to connect and get authenticated to the SSH console (unsuccessfully). Normal shutdown means that the remote client sent a TCP FIN packet so the TCP connection was correctly closed (the server didn't need to wait for the timeout). Normal shutdown means the client has sent a request to shut down the ssh connection with the message specifying the reason for the shutdown. Thanks for playing is just a common message hardcoded in the ssh client. See also https://serverfault.com/a/563303 for details.
And yes, it's normal that somebody is trying to connect to your server and log in. It is good practice to limit access to administrative interfaces to authorised IP addresses only using the firewall.
As for last, type "man last" to get the answer.
Also, next time, do some research yourself before asking, i.e.
https://www.digitalocean.com/community/tutorials/how-to-monitor-system-authentication-logs-on-ubuntu
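An added example, not part of the original question or answer: a small triage script that separates the three kinds of auth.log entries discussed above (cron sessions, SSH disconnects before authentication, and successful SSH logins). The timestamps, hostname, the "Accepted publickey" line and the address 203.0.113.5 are constructed sample data; only the disconnect message, the PIDs and 59.173.173.107 come from the question.

```python
import re
from collections import Counter

# Constructed sample lines in the usual syslog layout of auth.log; only the
# "Received disconnect" message, the PIDs and 59.173.173.107 are from the question.
SAMPLE = """\
Jan 10 06:25:01 host CRON[17637]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 10 06:25:02 host CRON[17637]: pam_unix(cron:session): session closed for user root
Jan 10 06:31:44 host sshd[17686]: Received disconnect from 59.173.173.107: 11: Normal Shutdown, Thank you for playing [preauth]
Jan 10 06:31:50 host sshd[17690]: Received disconnect from 59.173.173.107: 11: Normal Shutdown, Thank you for playing [preauth]
Jan 10 07:02:13 host sshd[17701]: Accepted publickey for admin from 203.0.113.5 port 50022 ssh2
Jan 10 07:40:09 host sshd[17701]: Received disconnect from 203.0.113.5: 11: disconnected by user
""".splitlines()

# "<timestamp> <host> <daemon>[<pid>]: <message>"
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ (?P<daemon>[\w-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
# Older sshd logs "from <ip>: <code>:", newer ones "from <ip> port <n>:<code>:".
DISCONNECT = re.compile(r"^Received disconnect from (?P<ip>\S+?)(?: port \d+)?: ?\d+: ")
ACCEPTED = re.compile(r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)")


def summarize(lines):
    """Split auth.log lines into unauthenticated SSH probes, logins and cron noise."""
    probes, logins, cron_sessions = Counter(), [], 0
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not a "<daemon>[pid]: message" line
        daemon, msg = m["daemon"], m["msg"]
        if daemon == "CRON" and "session opened" in msg:
            cron_sessions += 1  # scheduled job, expected on every system
        elif daemon == "sshd":
            d = DISCONNECT.match(msg)
            # [preauth] marks a connection that ended before authenticating
            if d and msg.endswith("[preauth]"):
                probes[d["ip"]] += 1
            a = ACCEPTED.match(msg)
            if a:  # these are the lines that deserve a closer look
                logins.append((a["user"], a["ip"], a["method"]))
    return {"preauth_disconnects": dict(probes),
            "accepted_logins": logins,
            "cron_sessions": cron_sessions}


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Entries under preauth_disconnects never authenticated; the accepted_logins list is what to compare against the addresses and users you expect.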