|
linux問題請麻煩幫我解釋一下我是不是被入侵了
Apr 20 09:50:00 localhost 78>Apr 20 09:50:00 CROND[21331]: (root) CMD (/usr/lib/sa/sa1 1 1)
Apr 20 09:50:00 localhost Apr 20 10:00:00 localhost Apr 20 10:00:00 localhost syslogd: Printing partial message Apr 20 10:00:00 localhost 78>Apr 20 10:00:00 CROND[21352]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:00:00 localhost Apr 20 10:01:00 localhost Apr 20 10:01:00 localhost syslogd: Printing partial message Apr 20 10:01:00 localhost 78>Apr 20 10:01:00 CROND[21358]: (root) CMD (run-parts /etc/cron.hourly) Apr 20 10:01:00 localhost Apr 20 10:08:50 localhost Apr 20 10:08:50 localhost syslogd: Printing partial message Apr 20 10:08:50 localhost 31>Apr 20 10:08:50 rhnsd[21373]: running program /usr/sbin/rhn_check Apr 20 10:08:50 localhost Apr 20 10:10:00 localhost Apr 20 10:10:00 localhost syslogd: Printing partial message Apr 20 10:10:00 localhost 78>Apr 20 10:10:00 CROND[21377]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:10:00 localhost Apr 20 10:20:00 localhost Apr 20 10:20:00 localhost syslogd: Printing partial message Apr 20 10:20:00 localhost Apr 20 10:28:39 localhost dhcpd: DHCPDISCOVER from 00:10:dc:d7:95:59 via eth0 Apr 20 10:28:40 localhost dhcpd: DHCPOFFER on 我的ip to 00:10:dc:d7:95:59 via eth0 Apr 20 10:28:40 localhost dhcpd: DHCPREQUEST for 我的ip from 00:10:dc:d7:95:59 via eth0 Apr 20 10:28:40 localhost dhcpd: DHCPACK on 我的ip to 00:10:dc:d7:95:59 via eth0 Apr 20 10:30:00 localhost Apr 20 10:30:00 localhost syslogd: Printing partial message Apr 20 10:30:00 localhost 78>Apr 20 10:30:00 CROND[21417]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:30:00 localhost Apr 20 10:40:00 localhost Apr 20 10:40:00 localhost syslogd: Printing partial message Apr 20 10:40:00 localhost 78>Apr 20 10:40:00 CROND[21438]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:40:00 localhost Apr 20 10:50:00 localhost Apr 20 10:50:00 localhost syslogd: Printing partial message Apr 20 10:50:00 localhost 78>Apr 20 10:50:00 CROND[21459]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 10:50:00 localhost Apr 20 10:54:25 localhost dhcpd: DHCPREQUEST for 我的ip from 00:10:dc:d7:95:33 via eth0 Apr 20 10:54:25 localhost dhcpd: DHCPACK on 我的ip to 00:10:dc:d7:95:33 via eth0 Apr 20 10:55:35 localhost dhcpd: DHCPDISCOVER from 00:10:dc:d7:95:33 via eth0 Apr 20 11:00:00 localhost Apr 20 11:00:00 localhost syslogd: Printing partial message Apr 20 11:00:00 localhost 78>Apr 20 11:00:00 CROND[21483]: (root) CMD (/usr/lib/sa/sa1 1 1) Apr 20 11:00:00 localhost Apr 20 11:01:00 localhost Apr 20 11:01:00 localhost syslogd: Printing partial message Apr 20 11:01:00 localhost 78>Apr 20 11:01:00 CROND[21492]: (root) CMD (run-parts /etc/cron.hourly) Apr 20 11:01:00 localhost Apr 20 11:03:01 localhost sshd(pam_unix)[21487]: session opened for user XXXXX by (uid=0) Apr 20 11:03:07 localhost 4$k 20 11:03:07 su(pam_unix)[21520]: session opened for user fl0w by XXXXX(uid=500) 以上是我的linux的部分紀錄過程 我在懷疑是不是被入侵還是中毒? 但是我兩台伺服器都在同一天發生同樣狀況 紀錄都依樣 有哪位高手能幫我解釋上面的訊息嗎? 因為我Linux還不是很董幫幫忙... 謝謝 |
| 所有時間均為台北時間。現在的時間是 08:40 PM。 |
Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2024, Jelsoft Enterprises Ltd.
『服務條款』
* 有問題不知道該怎麼解決嗎?請聯絡本站的系統管理員 *