??Linux?????????????
???????????? ???????[ 2015/9/15 10:32:08 ] ??????????????
??????????????????????????????????????????????????? Linux ??????ó????С?????????????е?????????????????????????????????????????η?????????????ν???????????м??????????????????????
?????????????
??????????????????????????????????????м?????????????????????????????????????????????Ч????????????????????????????????????? SSH ??????????? su ??????????????????з?????????Щ?????????????饗PAM???????????????????л????? Failed password ?? user unknown ???????????????????????????????? Accepted password ?? session opened ?????????????
????????????:
????pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.2
????Failed password for invalid user hoover from 10.0.2.2 port 4791 ssh2
????pam_unix(sshd:auth): check pass; user unknown
????PAM service(sshd) ignoring max retries; 6 > 3
??????????????
????Accepted password for hoover from 10.0.2.2 port 4792 ssh2
????pam_unix(sshd:session): session opened for user hoover by (uid=0)
????pam_unix(sshd:session): session closed for user hoover
???????????? grep ????????Щ?????????????????Щ?????????????????????????????????????????? ubuntu ??????????
????$ grep "invalid user" /var/log/auth.log | cut -d ' ' -f 10 | sort | uniq -c | sort -nr
????23 oracle
????18 postgres
????17 nagios
????10 zabbix
????6 test
??????????б??????????????????????ó?????????ò?????????????????????????????????????????????Ч?????????????????????????????
???????????????????????????????? Linux ?????????????????????????????????????????????????????????????????У?????????????root ???????? 2700 ???????????????????????? root ???????????????
????????????????????????????????????????????????????????????????????????????????????λ????Σ??????????????????????????????????????????м???????????????????????????????????????????????????????????????????????3??12????????????? Nagios ????Ρ???????????????????????????
????????????
??????????????????????????????????崻??????????????????????????????
???????????
?????????????????? shutdown ?????????????????????п???????????????????????????? IP 50.0.134.125 ????? ubuntu ????????????????????????
????Mar 19 18:36:41 ip-172-31-11-231 sshd[23437]: Accepted publickey for ubuntu from 50.0.134.125 port 52538 ssh
????Mar 19 18:36:41 ip-172-31-11-231 23437]:sshd[ pam_unix(sshd:session): session opened for user ubuntu by (uid=0)
????Mar 19 18:37:09 ip-172-31-11-231 sudo: ubuntu : TTY=pts/1 ; PWD=/home/ubuntu ; USER=root ; COMMAND=/sbin/shutdown -r now
???????????
???????????????????????????????????????????????????????????????????????????????????kernel???? cpu ???????Initializing?????????
????Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Initializing cgroup subsys cpuset
????Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Initializing cgroup subsys cpu
????Mar 19 18:39:30 ip-172-31-11-231 kernel: [ 0.000000] Linux version 3.8.0-44-generic (buildd@tipua) (gcc version 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) )
????#66~precise1-Ubuntu SMP Tue Jul 15 04:01:04 UTC 2014 (Ubuntu 3.8.0-44.66~precise1-generic 3.8.13.25)
??????????????
?????к??????????·???????????????????????????????t???
??????????????治???????????????????????????????????????????????????棬???μ?????е??????????????????????????????????????????? Out of Memory ????????????????? kill ???????????????????Щ???????????????????????ó?????????????????????
????????:
????[33238.178288] Out of memory: Kill process 6230 (firefox) score 53 or sacrifice child
????[29923450.995084] select 5230 (docker)?? adj 0?? size 708?? to kill
?????????????? grep ??????????????Щ???????????????? ubuntu ??:
????$ grep “Out of memory” /var/log/syslog
????[33238.178288] Out of memory: Kill process 6230 (firefox) score 53 or sacrifice child
??????????grep ???????棬??????????? grep ??????????治?????????????????????????洢????????
?????????????????
????cron ??????????????????????????????????????????н????????????????????????????? cron ????????????????????С???????????????а棬??????? /var/log/cron??/var/log/messages???? /var/log/syslog ????λ?????????????cron ???????????к?????????£????????????ж????? cron ???????????
???????????£?cron ????????????? postfix ???????????????????????????????????????????????????????????????????????
????Mar 13 16:35:01 PSQ110 postfix/pickup[15158]: C3EDC5800B4: uid=1001 from=<hoover>
????Mar 13 16:35:01 PSQ110 postfix/cleanup[15727]: C3EDC5800B4: message-id=<20150310110501.C3EDC5800B4@PSQ110>
????Mar 13 16:35:01 PSQ110 postfix/qmgr[15159]: C3EDC5800B4: from=<hoover@loggly.com>?? size=607?? nrcpt=1 (queue active)
????Mar 13 16:35:05 PSQ110 postfix/smtp[15729]: C3EDC5800B4: to=<hoover@loggly.com>?? relay=gmail-smtp-in.l.google.com[74.125.130.26]:25?? delay=4.1?? delays=0.26/0/2.2/1.7?? dsn=2.0.0?? status=sent (250 2.0.0 OK 1425985505 f16si501651pdj.5 - gsmtp)
????????????? cron ????????????????У????????λ???????????????????? logger ????????? cron ???????? syslog????????????????????? echo ????helloCron ??????????κ??????????ó?????????
????*/5 * * * * echo ‘Hello World’ 2>&1 | /usr/bin/logger -t helloCron
????????????????????
????Apr 28 22:20:01 ip-172-31-11-231 CRON[15296]: (ubuntu) CMD (echo 'Hello World!' 2>&1 | /usr/bin/logger -t helloCron)
????Apr 28 22:20:01 ip-172-31-11-231 helloCron: Hello World!
??????? cron ????????????????????????????????????????????????
????????????????????????????????????????????????????????
??????
???·???
??????????????????
2023/3/23 14:23:39???д?ò??????????
2023/3/22 16:17:39????????????????????Щ??
2022/6/14 16:14:27??????????????????????????
2021/10/18 15:37:44???????????????
2021/9/17 15:19:29???·???????·
2021/9/14 15:42:25?????????????
2021/5/28 17:25:47??????APP??????????
2021/5/8 17:01:11
sales@spasvo.com