Please explain this log .. something seems off.

hanpedro's image

I pulled these from .messages in /var/logs. There is too much of it, so

Mar 20 21:56:10 www smartd[3136]: Device: /dev/sda, Temperature changed 2 Celsius to 30 Celsius since last report
Mar 20 21:58:20 www sshd(pam_unix)[29517]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:24 www sshd(pam_unix)[29519]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:28 www sshd(pam_unix)[29521]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:33 www sshd(pam_unix)[29523]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:37 www sshd(pam_unix)[29525]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:42 www sshd(pam_unix)[29527]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:47 www sshd(pam_unix)[29529]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root
Mar 20 21:58:51 www sshd(pam_unix)[29531]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.108.29.74 user=root

Mar 21 12:59:06 www sshd(pam_unix)[30321]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=nobody
Mar 21 12:59:08 www named[1257]: lame server resolving 'ns2.pacific.net.in' (in 'pacific.net.in'?): 203.123.176.65#53
Mar 21 12:59:12 www unix_chkpwd[30325]: check pass; user unknown
Mar 21 12:59:12 www sshd(pam_unix)[30323]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 12:59:16 www unix_chkpwd[30328]: check pass; user unknown
Mar 21 12:59:16 www sshd(pam_unix)[30326]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 12:59:19 www sshd(pam_unix)[30329]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 12:59:24 www sshd(pam_unix)[30331]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 12:59:28 www sshd(pam_unix)[30333]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 12:59:32 www sshd(pam_unix)[30335]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 12:59:36 www sshd(pam_unix)[30337]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 12:59:40 www unix_chkpwd[30341]: check pass; user unknown
Mar 21 12:59:40 www sshd(pam_unix)[30339]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 12:59:45 www unix_chkpwd[30344]: check pass; user unknown
Mar 21 12:59:45 www sshd(pam_unix)[30342]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 12:59:50 www unix_chkpwd[30347]: check pass; user unknown
Mar 21 12:59:50 www sshd(pam_unix)[30345]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 12:59:54 www unix_chkpwd[30350]: check pass; user unknown
Mar 21 12:59:54 www sshd(pam_unix)[30348]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 12:59:58 www unix_chkpwd[30353]: check pass; user unknown
Mar 21 12:59:58 www sshd(pam_unix)[30351]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:02 www unix_chkpwd[30356]: check pass; user unknown
Mar 21 13:00:02 www sshd(pam_unix)[30354]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:05 www unix_chkpwd[30359]: check pass; user unknown
Mar 21 13:00:05 www sshd(pam_unix)[30357]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:09 www unix_chkpwd[30362]: check pass; user unknown
Mar 21 13:00:09 www sshd(pam_unix)[30360]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:14 www unix_chkpwd[30365]: check pass; user unknown
Mar 21 13:00:14 www sshd(pam_unix)[30363]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:18 www unix_chkpwd[30368]: check pass; user unknown
Mar 21 13:00:18 www sshd(pam_unix)[30366]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:22 www unix_chkpwd[30371]: check pass; user unknown
Mar 21 13:00:22 www sshd(pam_unix)[30369]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:26 www unix_chkpwd[30374]: check pass; user unknown
Mar 21 13:00:26 www sshd(pam_unix)[30372]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:30 www unix_chkpwd[30377]: check pass; user unknown
Mar 21 13:00:30 www sshd(pam_unix)[30375]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:35 www sshd(pam_unix)[30378]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=operator
Mar 21 13:00:38 www sshd(pam_unix)[30380]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=adm
Mar 21 13:00:43 www sshd(pam_unix)[30382]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=apache
Mar 21 13:00:47 www unix_chkpwd[30386]: check pass; user unknown
Mar 21 13:00:47 www sshd(pam_unix)[30384]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:50 www unix_chkpwd[30389]: check pass; user unknown
Mar 21 13:00:50 www sshd(pam_unix)[30387]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:00:55 www sshd(pam_unix)[30390]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=adm
Mar 21 13:00:59 www sshd(pam_unix)[30392]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:01 www crond(pam_unix)[30394]: session opened for user root by (uid=0)
Mar 21 13:01:01 www crond(pam_unix)[30394]: session closed for user root
Mar 21 13:01:03 www sshd(pam_unix)[30396]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:07 www sshd(pam_unix)[30398]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:11 www unix_chkpwd[30402]: check pass; user unknown
Mar 21 13:01:11 www sshd(pam_unix)[30400]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:01:15 www unix_chkpwd[30405]: check pass; user unknown
Mar 21 13:01:15 www sshd(pam_unix)[30403]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:01:19 www sshd(pam_unix)[30406]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:23 www sshd(pam_unix)[30408]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:27 www sshd(pam_unix)[30411]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:30 www sshd(pam_unix)[30413]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:34 www sshd(pam_unix)[30415]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:38 www unix_chkpwd[30419]: check pass; user unknown
Mar 21 13:01:38 www sshd(pam_unix)[30417]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:01:42 www sshd(pam_unix)[30420]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:46 www sshd(pam_unix)[30422]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:50 www sshd(pam_unix)[30424]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:54 www sshd(pam_unix)[30426]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:01:58 www sshd(pam_unix)[30428]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:02 www sshd(pam_unix)[30430]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:06 www sshd(pam_unix)[30432]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:09 www sshd(pam_unix)[30434]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:14 www sshd(pam_unix)[30436]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:17 www sshd(pam_unix)[30438]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:21 www sshd(pam_unix)[30440]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:25 www sshd(pam_unix)[30442]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:29 www sshd(pam_unix)[30444]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:33 www sshd(pam_unix)[30446]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:37 www sshd(pam_unix)[30448]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:41 www sshd(pam_unix)[30450]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:44 www sshd(pam_unix)[30452]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:49 www sshd(pam_unix)[30454]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:53 www sshd(pam_unix)[30456]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:02:56 www sshd(pam_unix)[30458]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:00 www sshd(pam_unix)[30460]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:04 www sshd(pam_unix)[30462]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:08 www sshd(pam_unix)[30464]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:12 www sshd(pam_unix)[30466]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:20 www sshd(pam_unix)[30468]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:25 www sshd(pam_unix)[30470]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:28 www sshd(pam_unix)[30472]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:32 www sshd(pam_unix)[30474]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:36 www sshd(pam_unix)[30476]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:40 www sshd(pam_unix)[30478]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:44 www sshd(pam_unix)[30480]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:48 www sshd(pam_unix)[30482]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:53 www sshd(pam_unix)[30484]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:03:56 www sshd(pam_unix)[30486]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:04 www sshd(pam_unix)[30488]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:08 www sshd(pam_unix)[30490]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:13 www unix_chkpwd[30494]: check pass; user unknown
Mar 21 13:04:13 www sshd(pam_unix)[30492]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:04:17 www unix_chkpwd[30497]: check pass; user unknown
Mar 21 13:04:17 www sshd(pam_unix)[30495]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:04:20 www sshd(pam_unix)[30498]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:25 www unix_chkpwd[30502]: check pass; user unknown
Mar 21 13:04:25 www sshd(pam_unix)[30500]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:04:29 www sshd(pam_unix)[30503]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:33 www sshd(pam_unix)[30505]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:37 www sshd(pam_unix)[30507]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:41 www sshd(pam_unix)[30509]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root
Mar 21 13:04:49 www unix_chkpwd[30513]: check pass; user unknown
Mar 21 13:04:49 www sshd(pam_unix)[30511]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:04:53 www unix_chkpwd[30516]: check pass; user unknown
Mar 21 13:04:53 www sshd(pam_unix)[30514]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:04:57 www unix_chkpwd[30519]: check pass; user unknown
Mar 21 13:04:57 www sshd(pam_unix)[30517]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:01 www unix_chkpwd[30522]: check pass; user unknown
Mar 21 13:05:01 www sshd(pam_unix)[30520]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:05 www unix_chkpwd[30525]: check pass; user unknown
Mar 21 13:05:05 www sshd(pam_unix)[30523]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:09 www unix_chkpwd[30528]: check pass; user unknown
Mar 21 13:05:09 www sshd(pam_unix)[30526]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:13 www unix_chkpwd[30531]: check pass; user unknown
Mar 21 13:05:13 www sshd(pam_unix)[30529]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:18 www unix_chkpwd[30534]: check pass; user unknown
Mar 21 13:05:18 www sshd(pam_unix)[30532]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:21 www unix_chkpwd[30537]: check pass; user unknown
Mar 21 13:05:21 www sshd(pam_unix)[30535]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:25 www unix_chkpwd[30541]: check pass; user unknown
Mar 21 13:05:25 www sshd(pam_unix)[30538]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:30 www unix_chkpwd[30544]: check pass; user unknown
Mar 21 13:05:30 www sshd(pam_unix)[30542]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:34 www unix_chkpwd[30547]: check pass; user unknown
Mar 21 13:05:34 www sshd(pam_unix)[30545]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:38 www unix_chkpwd[30550]: check pass; user unknown
Mar 21 13:05:38 www sshd(pam_unix)[30548]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:42 www unix_chkpwd[30553]: check pass; user unknown
Mar 21 13:05:42 www sshd(pam_unix)[30551]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:46 www unix_chkpwd[30556]: check pass; user unknown
Mar 21 13:05:46 www sshd(pam_unix)[30554]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:51 www unix_chkpwd[30559]: check pass; user unknown
Mar 21 13:05:51 www sshd(pam_unix)[30557]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:54 www unix_chkpwd[30562]: check pass; user unknown
Mar 21 13:05:54 www sshd(pam_unix)[30560]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:05:56 www named[1257]: client 218.38.12.105#59629: updating zone 'kkk.com/IN': update failed: 'name in use' prerequisite not satisfied (NXDOMAIN)
Mar 21 13:05:57 www named[1257]: client 218.38.12.105#59630: updating zone 'kkk.com/IN': update failed: 'name in use' prerequisite not satisfied (NXDOMAIN)
Mar 21 13:05:58 www unix_chkpwd[30565]: check pass; user unknown
Mar 21 13:05:58 www sshd(pam_unix)[30563]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:06:02 www unix_chkpwd[30568]: check pass; user unknown
Mar 21 13:06:02 www sshd(pam_unix)[30566]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35
Mar 21 13:06:06 www sshd(pam_unix)[30569]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root

Mar 21 13:06:15 www sshd(pam_unix)[30573]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.123.190.35 user=root

Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/dm_db-backup.tar dev=dm-0 ino=1097744 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/dm_db-backup.tar dev=dm-0 ino=1097744 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/html_bak.tar.gz dev=dm-0 ino=1097770 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/html_bak.tar.gz dev=dm-0 ino=1097770 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050316.sql dev=dm-0 ino=1097746 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050316.sql dev=dm-0 ino=1097746 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050317.sql dev=dm-0 ino=1097776 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050317.sql dev=dm-0 ino=1097776 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050318.sql dev=dm-0 ino=1097778 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050318.sql dev=dm-0 ino=1097778 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050319.sql dev=dm-0 ino=1097780 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050319.sql dev=dm-0 ino=1097780 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050320.sql dev=dm-0 ino=1097782 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050320.sql dev=dm-0 ino=1097782 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050321.sql dev=dm-0 ino=1097784 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/mysql_db_bak_20050321.sql dev=dm-0 ino=1097784 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.446:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050316.sql dev=dm-0 ino=1097766 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050316.sql dev=dm-0 ino=1097766 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050317.sql dev=dm-0 ino=1097777 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050317.sql dev=dm-0 ino=1097777 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050318.sql dev=dm-0 ino=1097779 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050318.sql dev=dm-0 ino=1097779 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050319.sql dev=dm-0 ino=1097781 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050319.sql dev=dm-0 ino=1097781 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050320.sql dev=dm-0 ino=1097783 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050320.sql dev=dm-0 ino=1097783 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050321.sql dev=dm-0 ino=1097785 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.447:0): avc: denied { getattr } for pid=30618 exe=/bin/chmod path=/backup/zboard_db_bak_20050321.sql dev=dm-0 ino=1097785 scontext=root:system_r:httpd_sys_script_t tcontext=root:object_r:root_t tclass=file
Mar 21 17:20:01 www kernel: audit(1111393201.450:0): avc: denied { dac_override } for pid=30620 exe=/bin/tar capability=1 scontext=root:system_r:httpd_sys_script_t tcontext=root:system_r:httpd_sys_script_t tclass=capability

Mar 23 00:23:19 www kernel: device eth0 entered promiscuous mode
Mar 23 00:23:19 www kernel: device eth0 left promiscuous mode

Mar 23 23:28:39 www sshd(pam_unix)[5377]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw
Mar 23 23:28:44 www unix_chkpwd[5382]: check pass; user unknown
Mar 23 23:28:44 www sshd(pam_unix)[5380]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw
Mar 23 23:28:48 www unix_chkpwd[5385]: check pass; user unknown
Mar 23 23:28:48 www sshd(pam_unix)[5383]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw
Mar 23 23:28:52 www unix_chkpwd[5388]: check pass; user unknown
Mar 23 23:28:52 www sshd(pam_unix)[5386]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw
Mar 23 23:28:56 www unix_chkpwd[5391]: check pass; user unknown
Mar 23 23:28:56 www sshd(pam_unix)[5389]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw
Mar 23 23:29:00 www sshd(pam_unix)[5392]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw user=root
Mar 23 23:29:04 www sshd(pam_unix)[5394]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw user=root
Mar 23 23:29:12 www sshd(pam_unix)[5396]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=k7.asian-east.com.tw user=root

Mar 24 00:26:10 www smartd[3136]: Device: /dev/sda, Temperature changed 2 Celsius to 30 Celsius since last report
Mar 24 03:56:11 www smartd[3136]: Device: /dev/sda, Temperature changed -2 Celsius to 28 Celsius since last report

Mar 24 04:02:03 www named[1257]: lame server resolving 'nis.dacom.co.kr' (in 'dacom.co.kr'?): 211.216.50.150#53
Mar 24 04:02:03 www named[1257]: lame server resolving 'nis.dacom.co.kr' (in 'dacom.co.kr'?): 211.216.50.150#53
Mar 24 04:02:03 www named[1257]: lame server resolving 'ns2.dacom.co.kr' (in 'dacom.co.kr'?): 211.216.50.150#53

Mar 24 10:57:51 www unix_chkpwd[5883]: check pass; user unknown
Mar 24 10:57:51 www vsftpd(pam_unix)[5881]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=24.42.43.94
Mar 24 16:47:16 www vsftpd(pam_unix)[6349]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=61.183.16.222

Mar 25 21:10:52 www sshd(pam_unix)[8092]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.152.37.12 user=root
Mar 25 21:11:01 www sshd(pam_unix)[8094]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=141.152.37.12 user=root

Is this an intrusion attempt?

warpdory's image

Yes, this is an intrusion attempt. Block it with iptables.. or block it with route.

iptables -A INPUT -s 211.50.216.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 83.113.76.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 217.228.141.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 203.236.214.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 220.126.69.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 218.21.109.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 67.123.243.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP


iptables -A INPUT -s 219.95.78.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.142.64.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 221.146.244.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 210.105.102.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 68.73.136.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP

iptables -A INPUT -s 220.72.163.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 155.230.44.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
#iptables -A INPUT -s 218.233.237.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 24.156.0.0/255.255.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP

iptables -A INPUT -s 211.50.216.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
#iptables -A INPUT -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.246.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.245.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.244.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.243.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.243.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.241.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.252.240.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP

iptables -A INPUT -s 211.114.145.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.114.146.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.114.147.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP


iptables -A INPUT -s 218.13.160.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 68.193.103.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 61.249.51.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.235.62.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP
iptables -A INPUT -s 211.39.140.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -i eth0 -j DROP

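I keep roughly this much blocked.


---------
With sunlight at your ear, a happy journey until sunset...
As you left laughing, may you return with a smile and at last be at peace...
- Elf's greeting, Dragon Raja, Lee Yeongdo

Let's have fun.

ctcquatre's image

warpdory, if you block like that,
don't other users inevitably get hurt as well?

Just curious..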

Chaos to Cosmos,
Chaos to Chaos,
Cosmos to Cosmos,
Cosmos to Chaos.

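warpdory's image

ctcquatre wrote:
warpdory, if you block like that,
don't other users inevitably get hurt as well?

Just curious..

Well, they will have to blame being in the same range.

I would rather get cursed at by a few users than get cursed at after losing the server.

Honestly, there is no end of excuses, starting with 'You may be unable to connect because your computer has a worm virus or spyware.'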



Necromancer's image

If these are attempts from random scanning, you can also
change to a port other than the standard one.

Written By the Black Knight of Destruction

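까나리's image

Hmm, block root access

That will be at least somewhat safer.

When you need root, use "su -"

cometary's image

Hmm...
I think you could just use tcpwrapper and install Portsentry to dynamically block
the IPs that try to break in.. ㅡㅡ;;
Then there is no need to block an entire IP range either...

Carelessness is
the seed of a big accident.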
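
The thread's two questions (is this an intrusion attempt, and can single sources be blocked instead of whole ranges) can be answered from the log itself. The following is an added example, not code from any poster: it parses the `pam_unix` failure lines in the format shown in the question, flags sources that exceed a failure threshold inside a time window, and prints single-address DROP rules for them. The sample lines are constructed with documentation addresses, and the threshold, window and year are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timedelta

# pam_unix failure line in the format shown in the question; "user=" is absent
# when the account does not exist (the "user unknown" case).
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<svc>\w+)\(pam_unix\)\[\d+\]: authentication failure;"
    r".*?\brhost=(?P<rhost>\S+)(?:\s+user=(?P<user>\S+))?\s*$"
)

def parse_failures(text, year):
    """Return (time, service, rhost, user-or-None) for each failure line.
    Syslog timestamps carry no year, so the caller supplies it."""
    events = []
    for line in text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue  # smartd, named, crond, unix_chkpwd, kernel, ...
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((when, m["svc"], m["rhost"], m["user"]))
    return events

def find_bursts(events, threshold=5, window=timedelta(seconds=60)):
    """Summarise every source with >= threshold failures inside one window."""
    by_host = defaultdict(list)
    for ev in events:
        by_host[ev[2]].append(ev)
    report = {}
    for rhost, evs in by_host.items():
        evs.sort(key=lambda e: e[0])
        peak, start = 0, 0
        for end in range(len(evs)):  # sliding window with two pointers
            while evs[end][0] - evs[start][0] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            report[rhost] = {
                "failures": len(evs),
                "peak_in_window": peak,
                "users": sorted({e[3] for e in evs if e[3]}),
                "unknown_user_attempts": sum(1 for e in evs if e[3] is None),
                "services": sorted({e[1] for e in evs}),
            }
    return report

def block_rules(report, iface="eth0"):
    """Build single-address DROP rules for flagged IPv4 sources.
    Sources logged as hostnames are returned separately for manual lookup."""
    rules, unresolved = [], []
    for rhost in sorted(report):
        try:
            addr = ipaddress.IPv4Address(rhost)
        except ValueError:
            unresolved.append(rhost)
            continue
        rules.append(f"iptables -A INPUT -s {addr}/32 -i {iface} -j DROP")
    return rules, unresolved

# Constructed sample (RFC 5737 addresses), same line format as the question.
F = "authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost="
SAMPLE_LOG = "\n".join([
    "Mar 21 12:56:10 www smartd[3136]: Device: /dev/sda, Temperature changed",
    f"Mar 21 12:59:06 www sshd(pam_unix)[30321]: {F}192.0.2.35 user=nobody",
    "Mar 21 12:59:12 www unix_chkpwd[30325]: check pass; user unknown",
    f"Mar 21 12:59:12 www sshd(pam_unix)[30323]: {F}192.0.2.35",
    f"Mar 21 12:59:16 www sshd(pam_unix)[30326]: {F}192.0.2.35 user=root",
    f"Mar 21 12:59:19 www sshd(pam_unix)[30329]: {F}192.0.2.35 user=adm",
    f"Mar 21 12:59:24 www sshd(pam_unix)[30331]: {F}192.0.2.35 user=root",
    f"Mar 21 12:59:28 www sshd(pam_unix)[30333]: {F}192.0.2.35",
    "Mar 21 13:01:01 www crond(pam_unix)[30394]: session opened for user root by (uid=0)",
    f"Mar 23 23:28:39 www sshd(pam_unix)[5377]: {F}scanner.example.net",
    f"Mar 23 23:28:44 www sshd(pam_unix)[5380]: {F}scanner.example.net",
    f"Mar 23 23:28:48 www sshd(pam_unix)[5383]: {F}scanner.example.net",
    f"Mar 23 23:28:52 www sshd(pam_unix)[5386]: {F}scanner.example.net",
    f"Mar 23 23:28:56 www sshd(pam_unix)[5389]: {F}scanner.example.net",
    "Mar 24 10:57:51 www vsftpd(pam_unix)[5881]: authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=203.0.113.9",
    f"Mar 25 21:10:52 www sshd(pam_unix)[8092]: {F}198.51.100.7 user=root",
    f"Mar 25 21:11:01 www sshd(pam_unix)[8094]: {F}198.51.100.7 user=root",
])

if __name__ == "__main__":
    found = find_bursts(parse_failures(SAMPLE_LOG, year=2005))
    for host, info in sorted(found.items()):
        print(host, info)
    rules, unresolved = block_rules(found)
    print("\n".join(rules))
    print("resolve before blocking:", unresolved)
```

Sources below the threshold, such as a user who mistypes a password twice, are not flagged, so they are not blocked along with the scanners.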
