minami posted on 2007-7-7 21:45:49

[Solved] I haven't been hacked, have I... please take a look

# last -n 20 -f /var/log/btmp
nobody ssh:notty adsl-226-150.tri Wed Jul 4 14:31 gone - no logout
root ssh:notty sun.taru.edu.cn Wed Jul 4 12:45 - 14:31 (01:46)
test ssh:notty mail.cressnet.ir Wed Jul 4 10:27 - 12:45 (02:17)
test ssh:notty mail.cressnet.ir Wed Jul 4 10:27 - 10:27 (00:00)
root tty1 Tue Jul 3 17:14 gone - no logout
mail ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:27 (23:31)
pgsql ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
pgsql ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
games ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
angel ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
angel ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
news ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
john ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
john ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
george ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
george ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
richard ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
richard ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
stephen ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)
stephen ssh:notty 72.54.118.155 Tue Jul 3 10:56 - 10:56 (00:00)

btmp begins Mon Apr 30 22:05:54 2007
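I always log in as root... When I looked at this btmp log (a command I just learned on my own), why are there so many users I don't recognize? It's scary... But apart from root, none of the others logged in through a tty, did they? I don't understand this either, please take a look, thanks.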

ps:
# finger -s
Login Name Tty Idle Login Time Office Office Phone
root root pts/2 Jul 7 19:39 (:0.0)
finger only showed this much, nothing more... But the manual says it only shows logins from a tty... I don't really understand that either...

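Also, I've been running eMule all the time, and BT too, downloading like crazy~ It couldn't be those that are being recorded, could it...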

[ Last edited by minami on 2007-7-23 22:23 ]
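An added example, not part of the original post: /var/log/btmp holds failed login attempts, so output like the listing above can be grouped by source to see which hosts tried many different usernames. The sample text is constructed (documentation addresses, not the hosts from the post), and the function names and the `min_users` threshold are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample in the column layout of `last -f /var/log/btmp`.
SAMPLE = """\
root     ssh:notty    198.51.100.7     Wed Jul  4 12:45 - 14:31  (01:46)
test     ssh:notty    198.51.100.7     Wed Jul  4 10:27 - 12:45  (02:17)
root     tty1                          Tue Jul  3 17:14    gone - no logout
mail     ssh:notty    203.0.113.9      Tue Jul  3 10:56 - 10:27  (23:31)
pgsql    ssh:notty    203.0.113.9      Tue Jul  3 10:56 - 10:56  (00:00)
pgsql    ssh:notty    203.0.113.9      Tue Jul  3 10:56 - 10:56  (00:00)
games    ssh:notty    203.0.113.9      Tue Jul  3 10:56 - 10:56  (00:00)

btmp begins Mon Apr 30 22:05:54 2007
"""

WEEKDAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}

def parse_btmp(text):
    """Yield (user, line, host) per failed-login record; host is None on a local tty."""
    for raw in text.splitlines():
        fields = raw.split()
        # Skip blank lines and the "btmp begins ..." trailer.
        if len(fields) < 4 or raw.startswith("btmp begins"):
            continue
        # Console entries have no host column, so the weekday sits in third place.
        host = None if fields[2] in WEEKDAYS else fields[2]
        yield fields[0], fields[1], host

def summarize(text, min_users=3):
    """Group failures by source; flag remote sources that tried many usernames."""
    by_src = defaultdict(lambda: {"attempts": 0, "users": set()})
    for user, line, host in parse_btmp(text):
        key = host or "local:" + line
        by_src[key]["attempts"] += 1
        by_src[key]["users"].add(user)
    report = {}
    for key, data in by_src.items():
        remote = not key.startswith("local:")
        report[key] = {
            "attempts": data["attempts"],
            "users": sorted(data["users"]),
            # Many distinct account names from one host is username guessing.
            "guessing": remote and len(data["users"]) >= min_users,
        }
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE).items():
        print(src, info)
```

`last` truncates long user and host names to fit its columns, so sources that share a prefix can be merged in this summary.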