LinuxϵͳÖеÄÈÕÖ¾ÎļþÊǼͼϵͳÔËÐÐ״̬¡¢¹ýʧÐÅÏ¢ÒÔ¼°ÖݪֲÙ×÷ÈÕÖ¾µÄÒªº¦×é³É²¿·Ö¡£¹ØÓÚÖÎÀíÔ±À´Ëµ£¬ÏàʶÈÕÖ¾ÎļþÖеÄÁÐÊôÐÔ¼°Æä×÷ÓÿÉÒÔ×ÊÖúËûÃǸüºÃµØ¼à¿Øϵͳ£¬Õï¶ÏÎÊÌⲢʵʱ½â¾ö¡£

ÔÚLinuxÖÐ£¬ÈÕÖ¾Îļþͨ³£´æ·ÅÔÚ/var/logĿ¼ÏÂ£¬ÆäÖаüÀ¨ÁËһЩ³£¼ûµÄÈÕÖ¾Îļþ£¬ºÃ±Èmessages¡¢auth.logµÈ¡£

Ê×ÏÈ£¬ÎÒÃÇÀ´ÉîÈëÏàʶһϳ£¼ûµÄÈÕÖ¾ÎļþÖеÄÁÐÊôÐÔ¼°Æä×÷Óãº

/var/log/messages£º

ÕâÊÇϵͳÖÐ×î³£¼ûµÄÈÕÖ¾ÎļþÖ®Ò»£¬¼Í¼ÁËϵͳÖеĴ󲿷ÖÔËÐÐÐÂÎÅ£¬°üÀ¨Æô¶¯¡¢¹Ø±Õ¡¢Ð§ÀÍÆô¶¯ºÍ×èÖ¹¡¢Ó²¼þÐÅÏ¢µÈ¡£³£ÓõÄÁÐÊôÐÔ¼°×÷ÓÃÈçÏ£º

ʱ¼ä´Á£º¼Í¼ÊÂÎñ±¬·¢µÄʱ¼ä£»

Ö÷»úÃû£º¼Í¼ÊÂÎñ±¬·¢µÄÖ÷»úÃû£»

Àú³ÌID£º¼Í¼ÌìÉúÊÂÎñµÄÀú³ÌID£»

ÐÂÎÅÄÚÈÝ£º¼Í¼ÊÂÎñµÄÏêϸÐÅÏ¢¡£

/var/log/auth.log£º

Õâ¸öÈÕÖ¾Îļþ¼Í¼ÁËϵͳÖÐÓû§µÇ¼¡¢ÈÏÖ¤Ïà¹ØµÄÐÅÏ¢£¬°üÀ¨ÀֳɵǼ¡¢Ê§°ÜµÇ¼ʵÑéµÈ¡£³£ÓõÄÁÐÊôÐÔ¼°×÷ÓÃÈçÏ£º

ʱ¼ä´Á£º¼Í¼ÊÂÎñ±¬·¢µÄʱ¼ä£»

Ö÷»úÃû£º¼Í¼ÊÂÎñ±¬·¢µÄÖ÷»úÃû£»

Óû§Ãû£º¼Í¼µÇÈÎÃü»§µÄÓû§Ãû£»

µÇ¼Ч¹û£º¼Í¼µÇ¼µÄЧ¹û£¬ÈçÀֳɻòʧ°Ü¡£

³ýÁËÉÏÊöÁ½¸ö³£¼ûµÄÈÕÖ¾ÎļþÍâ£¬ÉÐÓÐÆäËûÐí¶àÀàÐ͵ÄÈÕÖ¾Îļþ£¬Èçsyslog¡¢kern.log¡¢secureµÈ£¬Ã¿ÖÖÈÕÖ¾Îļþ¶¼ÓÐÆäÌض¨µÄÁÐÊôÐÔºÍ×÷Óá£

½ÓÏÂÀ´£¬ÈÃÎÒÃÇͨ¹ýһЩÏêϸµÄ´úÂëʾÀýÀ´ÑÝʾÔõÑùÉó²éÈÕÖ¾ÎļþÒÔ¼°Ã÷È·ÆäÖеÄÁÐÊôÐÔ£º

Éó²é/var/log/messagesÎļþµÄÍ·5ÐУº

head -n 5 /var/log/messages

µÇ¼ºó¸´ÖÆ

Éó²é/var/log/auth.logÎļþÖаüÀ¨”Failed password”µÄÈÕÖ¾£º

grep "Failed password" /var/log/auth.log

µÇ¼ºó¸´ÖÆ

Éó²é/var/log/syslogÎļþÖÐij¸öʱ¼ä¶ÎµÄÈÕÖ¾£º

sed -n '/2022-09-01 12:00:00/,/2022-09-01 13:00:00/p' /var/log/syslog

µÇ¼ºó¸´ÖÆ

ͨ¹ýÒÔÉÏ´úÂëʾÀý£¬ÖÎÀíÔ±¿ÉÒÔÇáËɵØÉó²éºÍÆÊÎöϵͳÈÕÖ¾ÎļþÖеÄÄÚÈÝ£¬×ÊÖúËûÃǸüºÃµØ¼à¿ØϵͳÔËÐÐ״̬²¢¿ìËÙ¶¨Î»ÎÊÌâ¡£

×ÜÖ®£¬ÉîÈëÏàʶLinuxÈÕÖ¾ÎļþÖеÄÁÐÊôÐÔ¼°×÷ÓùØÓÚϵͳÖÎÀíÔ±À´ËµÖÁ¹ØÖ÷Òª¡£Í¨¹ýÊìÁ·ÕÆÎÕÈÕÖ¾ÎļþÖеÄÐÅÏ¢£¬ÖÎÀíÔ±¿ÉÒÔ¸üºÃµØÖÎÀíºÍά»¤Linuxϵͳ£¬È·±£ÏµÍ³µÄÎȹÌÐÔºÍÇå¾²ÐÔ¡£

ÒÔÉϾÍÊÇLinuxÈÕÖ¾ÎļþÖÐÁÐÊôÐÔµÄÏêϸÆÊÎöµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡