Analyzing log files: logwatch
- 2023-04-13 05:32:58
The logwatch tool that Fedora Core provides by default analyzes the log files once a day and sends the results to root as an email:
[root@www ~]# mail
Mail version 8.1 6/6/93. Type ? for help.
"/var/spool/mail/root": 433 messages 433 new
>N 1 logwatch@www.lanyeeweb.com Fri Sep 5 11:42 43/1542 "Logwatch for www.lanyeeweb.com (Linux)"
################### Logwatch 7.3.4 (02/17/07) ####################
Processing Initiated: Sat Sep 19 23:22:38 2009
Date Range Processed: yesterday
( 2009-Sep-18 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: dns.lanyeeweb.com
##################################################################
--------------------- Cron Begin ------------------------
Files with bad mode:
/etc/cron.d/mrtg
/etc/cron.d/mailtolan
/etc/cron.d/sa-update
---------------------- Cron End -------------------------
--------------------- Dovecot Begin ------------------------
Dovecot disconnects:
Logged out: 2 Time(s)
no reason: 6 Time(s)
**Unmatched Entries**
dovecot: Dovecot v1.0.0 starting up: 1 Time(s)
dovecot: Killed with signal 15: 1 Time(s)
---------------------- Dovecot End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy:
118.170.248.238 -> 203.188.201.253:25: 4 Time(s)
Requests with error response codes
404 Not Found
/admin/bk.jpg: 4 Time(s)
/checkno.php: 1 Time(s)
/favicon.ico: 3 Time(s)
/gz/classify/furniture/template/default/style.css: 5 Time(s)
405 Method Not Allowed
203.188.201.253:25: 4 Time(s)
500 Internal Server Error
/~myx18/modules/planet/transfer.php/140/pdf: 1 Time(s)
---------------------- httpd End -------------------------
--------------------- Named Begin ------------------------
**Unmatched Entries**
automatic empty zone: 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.IP6.ARPA: 1 Time(s)
automatic empty zone: B.E.F.IP6.ARPA: 1 Time(s)
automatic empty zone: D.F.IP6.ARPA: 1 Time(s)
---------------------- Named End -------------------------
--------------------- pam_unix Begin ------------------------
dovecot:
Authentication Failures:
rhost=::ffff:119.147.10.237 : 1 Time(s)
rhost=::ffff:119.147.10.243 : 1 Time(s)
Unknown Entries:
check pass; user unknown: 4 Time(s)
sshd:
Authentication Failures:
root (222.73.111.35): 13 Time(s)
root (193.238.231.48): 2 Time(s)
unknown (222.73.111.35): 2 Time(s)
Invalid Users:
Unknown Account: 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 1 Time(s)
Failed logins from:
193.238.231.48 (gites.pour-les-vacances.com): 2 times
222.73.111.35: 13 times
Illegal users from:
222.73.111.35: 2 times
Received disconnect:
11: Bye Bye : 16 Time(s)
**Unmatched Entries**
Address 193.238.231.48 maps to gites.pour-les-vacances.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 2 time(s)
---------------------- SSHD End -------------------------
--------------------- Disk Space Begin ------------------------
Filesystem Size Used Avail Use% Mounted on
/dev/sda9 83G 791M 78G 1% /
/dev/sda6 7.6G 3.5G 3.8G 49% /var
/dev/sda5 8.6G 2.0G 6.2G 25% /usr
/dev/sda3 9.5G 337M 8.7G 4% /var/lib/mysql
/dev/sda2 29G 831M 27G 4% /home
/dev/sda7 5.7G 142M 5.3G 3% /var/spool/mail
/dev/sda1 99M 13M 82M 14% /boot
---------------------- Disk Space End -------------------------
###################### Logwatch End #########################
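
To triage a report like the one above without reading it by hand, the following added example (not part of the original page and not logwatch's own code) splits a logwatch report into its service sections and extracts the per-address failed SSH login counts from the SSHD section. The sample text is abridged from the report above; the function names and the threshold of 10 are assumptions made for illustration.

```python
import re

# Sample input: abridged from the report above (Cron and SSHD sections only).
SAMPLE_REPORT = """\
--------------------- Cron Begin ------------------------
Files with bad mode:
/etc/cron.d/mrtg
---------------------- Cron End -------------------------
--------------------- SSHD Begin ------------------------
SSHD Started: 1 Time(s)
Failed logins from:
193.238.231.48 (gites.pour-les-vacances.com): 2 times
222.73.111.35: 13 times
Illegal users from:
222.73.111.35: 2 times
---------------------- SSHD End -------------------------
"""

SECTION_RE = re.compile(r"^-+ (?P<name>.+?) (?P<edge>Begin|End) -+\s*$")
# Matches "<ipv4> [(reverse name)]: <n> times"
COUNT_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})(?: \([^)]*\))?: (\d+) times?\s*$")

def split_sections(report):
    """Return {service name: [lines]} for each 'X Begin' ... 'X End' block."""
    sections, current = {}, None
    for line in report.splitlines():
        m = SECTION_RE.match(line)
        if m and m["edge"] == "Begin":
            current = sections.setdefault(m["name"], [])
        elif m and m["edge"] == "End":
            current = None
        elif current is not None:
            current.append(line)
    return sections

def ssh_failed_logins(report):
    """Return {ip: count} from the 'Failed logins from:' list of the SSHD section."""
    counts, in_list = {}, False
    for line in split_sections(report).get("SSHD", []):
        m = COUNT_RE.match(line)
        if in_list and m:
            counts[m[1]] = counts.get(m[1], 0) + int(m[2])
        else:  # a sub-heading: only "Failed logins from:" opens the list
            in_list = line.strip() == "Failed logins from:"
    return counts

def noisy_sources(report, threshold=10):  # threshold is an assumed cut-off
    """Addresses whose failed SSH logins reach the threshold, worst first."""
    hits = [(ip, n) for ip, n in ssh_failed_logins(report).items() if n >= threshold]
    return sorted(hits, key=lambda t: -t[1])
```

The "Illegal users from:" entries are deliberately not added to the failed-login totals, since the report lists them under a separate sub-heading.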