史萊姆論壇 - 查看單個文章

2003-04-21, 02:11 AM

Apr 20 09:50:00 localhost 78>Apr 20 09:50:00 CROND[21331]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 09:50:00 localhost
Apr 20 10:00:00 localhost
Apr 20 10:00:00 localhost syslogd: Printing partial message
Apr 20 10:00:00 localhost 78>Apr 20 10:00:00 CROND[21352]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 10:00:00 localhost
Apr 20 10:01:00 localhost
Apr 20 10:01:00 localhost syslogd: Printing partial message
Apr 20 10:01:00 localhost 78>Apr 20 10:01:00 CROND[21358]: (root) CMD (run-parts /etc/cron.hourly)
Apr 20 10:01:00 localhost
Apr 20 10:08:50 localhost
Apr 20 10:08:50 localhost syslogd: Printing partial message
Apr 20 10:08:50 localhost 31>Apr 20 10:08:50 rhnsd[21373]: running program /usr/sbin/rhn_check
Apr 20 10:08:50 localhost
Apr 20 10:10:00 localhost
Apr 20 10:10:00 localhost syslogd: Printing partial message
Apr 20 10:10:00 localhost 78>Apr 20 10:10:00 CROND[21377]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 10:10:00 localhost
Apr 20 10:20:00 localhost
Apr 20 10:20:00 localhost syslogd: Printing partial message
Apr 20 10:20:00 localhost
Apr 20 10:28:39 localhost dhcpd: DHCPDISCOVER from 00:10:dc:d7:95:59 via eth0
Apr 20 10:28:40 localhost dhcpd: DHCPOFFER on 我的ip to 00:10:dc:d7:95:59 via eth0
Apr 20 10:28:40 localhost dhcpd: DHCPREQUEST for 我的ip from 00:10:dc:d7:95:59 via eth0
Apr 20 10:28:40 localhost dhcpd: DHCPACK on 我的ip to 00:10:dc:d7:95:59 via eth0
Apr 20 10:30:00 localhost
Apr 20 10:30:00 localhost syslogd: Printing partial message
Apr 20 10:30:00 localhost 78>Apr 20 10:30:00 CROND[21417]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 10:30:00 localhost
Apr 20 10:40:00 localhost
Apr 20 10:40:00 localhost syslogd: Printing partial message
Apr 20 10:40:00 localhost 78>Apr 20 10:40:00 CROND[21438]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 10:40:00 localhost
Apr 20 10:50:00 localhost
Apr 20 10:50:00 localhost syslogd: Printing partial message
Apr 20 10:50:00 localhost 78>Apr 20 10:50:00 CROND[21459]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 10:50:00 localhost
Apr 20 10:54:25 localhost dhcpd: DHCPREQUEST for 我的ip from 00:10:dc:d7:95:33 via eth0
Apr 20 10:54:25 localhost dhcpd: DHCPACK on 我的ip to 00:10:dc:d7:95:33 via eth0
Apr 20 10:55:35 localhost dhcpd: DHCPDISCOVER from 00:10:dc:d7:95:33 via eth0
Apr 20 11:00:00 localhost
Apr 20 11:00:00 localhost syslogd: Printing partial message
Apr 20 11:00:00 localhost 78>Apr 20 11:00:00 CROND[21483]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 11:00:00 localhost
Apr 20 11:01:00 localhost
Apr 20 11:01:00 localhost syslogd: Printing partial message
Apr 20 11:01:00 localhost 78>Apr 20 11:01:00 CROND[21492]: (root) CMD (run-parts /etc/cron.hourly)
Apr 20 11:01:00 localhost
Apr 20 11:03:01 localhost sshd(pam_unix)[21487]: session opened for user XXXXX by (uid=0)
Apr 20 11:03:07 localhost 4$k 20 11:03:07 su(pam_unix)[21520]: session opened for user fl0w by XXXXX(uid=500)

以上是我的linux的部分紀錄過程
我在懷疑是不是被入侵還是中毒?
但是我兩台伺服器都在同一天發生同樣狀況
紀錄都依樣
有哪位高手能幫我解釋上面的訊息嗎?
因為我Linux還不是很董幫幫忙...
謝謝

2003-04-21, 02:11 AM	#1
boyet 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	linux問題請麻煩幫我解釋一下我是不是被入侵了 Apr 20 09:50:00 localhost 78>Apr 20 09:50:00 CROND[21331]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 09:50:00 localhost Apr 20 10:00:00 localhost Apr 20 10:00:00 localhost syslogd: Printing partial message Apr 20 10:00:00 localhost 78>Apr 20 10:00:00 CROND[21352]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:00:00 localhost Apr 20 10:01:00 localhost Apr 20 10:01:00 localhost syslogd: Printing partial message Apr 20 10:01:00 localhost 78>Apr 20 10:01:00 CROND[21358]: (root) CMD (run-parts /etc/cron.hourly) Apr 20 10:01:00 localhost Apr 20 10:08:50 localhost Apr 20 10:08:50 localhost syslogd: Printing partial message Apr 20 10:08:50 localhost 31>Apr 20 10:08:50 rhnsd[21373]: running program /usr/sbin/rhn_check Apr 20 10:08:50 localhost Apr 20 10:10:00 localhost Apr 20 10:10:00 localhost syslogd: Printing partial message Apr 20 10:10:00 localhost 78>Apr 20 10:10:00 CROND[21377]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:10:00 localhost Apr 20 10:20:00 localhost Apr 20 10:20:00 localhost syslogd: Printing partial message Apr 20 10:20:00 localhost Apr 20 10:28:39 localhost dhcpd: DHCPDISCOVER from 00:10:dc:d7:95:59 via eth0 Apr 20 10:28:40 localhost dhcpd: DHCPOFFER on 我的ip to 00:10:dc:d7:95:59 via eth0 Apr 20 10:28:40 localhost dhcpd: DHCPREQUEST for 我的ip from 00:10:dc:d7:95:59 via eth0 Apr 20 10:28:40 localhost dhcpd: DHCPACK on 我的ip to 00:10:dc:d7:95:59 via eth0 Apr 20 10:30:00 localhost Apr 20 10:30:00 localhost syslogd: Printing partial message Apr 20 10:30:00 localhost 78>Apr 20 10:30:00 CROND[21417]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:30:00 localhost Apr 20 10:40:00 localhost Apr 20 10:40:00 localhost syslogd: Printing partial message Apr 20 10:40:00 localhost 78>Apr 20 10:40:00 CROND[21438]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:40:00 localhost Apr 20 10:50:00 localhost Apr 20 10:50:00 localhost syslogd: Printing partial message Apr 20 10:50:00 localhost 78>Apr 20 10:50:00 CROND[21459]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:50:00 localhost Apr 20 10:54:25 localhost dhcpd: DHCPREQUEST for 我的ip from 00:10:dc:d7:95:33 via eth0 Apr 20 10:54:25 localhost dhcpd: DHCPACK on 我的ip to 00:10:dc:d7:95:33 via eth0 Apr 20 10:55:35 localhost dhcpd: DHCPDISCOVER from 00:10:dc:d7:95:33 via eth0 Apr 20 11:00:00 localhost Apr 20 11:00:00 localhost syslogd: Printing partial message Apr 20 11:00:00 localhost 78>Apr 20 11:00:00 CROND[21483]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 11:00:00 localhost Apr 20 11:01:00 localhost Apr 20 11:01:00 localhost syslogd: Printing partial message Apr 20 11:01:00 localhost 78>Apr 20 11:01:00 CROND[21492]: (root) CMD (run-parts /etc/cron.hourly) Apr 20 11:01:00 localhost Apr 20 11:03:01 localhost sshd(pam_unix)[21487]: session opened for user XXXXX by (uid=0) Apr 20 11:03:07 localhost 4$k 20 11:03:07 su(pam_unix)[21520]: session opened for user fl0w by XXXXX(uid=500) 以上是我的linux的部分紀錄過程我在懷疑是不是被入侵還是中毒? 但是我兩台伺服器都在同一天發生同樣狀況紀錄都依樣有哪位高手能幫我解釋上面的訊息嗎? 因為我Linux還不是很董幫幫忙... 謝謝
boyet 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次