1、tail -f /var/log/secure 看安全日记判断是否有人恶意攻击服务器
1.1 表示root用户关闭了会话(也就是关闭了终端)
xxx sshd: pam_unix(sshd:session): session closed for user root
1.2 表示接受来自14.23.168.10的root用户的公钥登录
xxx sshd: Accepted publickey for root from 14.23.168.10 port 36637 ssh2
1.3 表示给root用户打开一个终端
xxx sshd: pam_unix(sshd:session): session opened for user root by (uid=0)
1.4 表示已经连着的终端自动断开毗连,并关闭终端
xxx sshd[9913]: Received disconnect from 183.60.122.237: 11: disconnected by user
xxx sshd[9913]: pam_unix(sshd:session): session closed for user root
1.5 无效的用户redis来毗连说明
#表示对端利用无效的用户redis来毗连
Xxx sshd[31261]: Invalid user redis from 45.115.45.3 port 33274
#本机对redis用户举行认证,认证失败,发送错误信号给对端
xxx sshd[31261]: input_userauth_request: invalid user redis [preauth]
# 对端吸收到错误信号自动断开毗连
xxx sshd[31261]: Received disconnect from 45.115.45.3 port 33274:11: Bye Bye [preauth]
# 毗连关闭
xxx sshd[31261]: Disconnected from 45.115.45.3 port 33274 [preauth] 2、/var/log/secure不再写入记载办理方法
2.1 systemctl restart sshd 重启sshd服务
2.2 service syslog restart
假如,电脑上没有syslog服务,只把sshd重启不起作用,请利用 chkconfig --list | grep sys 表现有rsyslog服务,用service rsyslog restart重启服务即可。
