The following is a record showing the copyright or hardware information:
Apr 29 19:06:47 www login[28845]: failed login 1 FROM xxx.xxx, User not known to the underlying authentication module
This is the logon failure record:
Apr 29 22:05:45 game PAM_pwdb[29509]: (login) session opened for user ncx by (uid=0).
The first step should be kill -HUP `cat /var/run/syslogd.pid`. Of course, intruders may have already done this.
causes of illegal Internet Intrusion today.
15. Intrusion into hosts through security vulnerabilities in system services such as Sendmail, Imapd, Pop3d and DNS. New vulnerabilities are discovered frequently, so hosts whose administrators find it hard to keep up with patching are easy to break into.
16. If a hacker intrudes into the computer, the system's Telnet program may be replaced. All users' Telnet session accounts and passwords are then recorded and sent to the hacker via e-mail for further intrusion.
used to add access restrictions to users. If this file does not exist, there are no other restrictions.
After the username is analyzed, login searches /etc/passwd and /etc/shadow to verify the password and to set other information about the account, such as the home directory and the shell to use. If no home directory is specified, the root directory is used by default. If no shell is specified, /bin/bash is used by default.
After the login program is successful, the last logon informat
Access-log -- records the websites connected to your server when the server runs NCSA httpd.
Aculog -- records the modems you dial out on.
Lastlog -- records each user's most recent login and initial destination.
Successful login records
Loginlog -- records abnormal login records.
Messages -- records output to the system console; other information is generated by syslog.
Security -- records some examples of attempts to access t
PMU ?! (From Earl's audio at the beginning to Andrew's RIL, it was recently called Touch and there was a RIL)
I feel like no one can communicate with me. Few people can understand me. Every time I find out the real culprit of the problem, I really want to "pull it out! ".
The core of PMU is completed by Microsoft, and it is a user-mode program. Its thread priority is only 249 (the slowest level is 255). The power button only wants to send messages to this core. LB's power button is not a chiffc
manager. The following describes how to log on in text mode.
In Linux, the account verification program is login. login receives the username sent from mingetty as its username parameter. After analyzing the username, login searches /etc/passwd and /etc/shadow to verify the password and to set other information about the account, such as the home directory and the shell to use. If no home directory is specified, the root directory is used by default. If no shell is specified, /bin/bash is used by default.
login and other programs update the wtmp and utmp files, which enables the system administrator to track who is logged on to the system at any time. Process statistics -- executed by the system kernel. When a process terminates, a record for it is written to the process accounting file (pacct or acct). Process accounting provides command usage statistics for basic services in the system. Error log -- executed by syslogd(8). Various system daemons, user programs and the kernel report
command, the lastlog file, which records the last login time of each user, the files recording which users are logged on to the system (wtmp, utmp), the acct file listing the commands executed by each user, and the log files generated by other applications for the currently logged-on user under the /etc directory. For some of these log files, you can use the who or w command to view the users logged on to the current system. (In the
the last logon time and the information in the motd file. Otherwise, if the /var/log/lastlog file exists, the last logon time is displayed.
If the password entered by the user is correct, login sets the current working directory to the starting working directory of the user specified in the password file. It changes the access permission of the terminal device to user read/write and group write, and sets the group ID of the process. Then
lastlog sa Xorg.1.log btmp-20130401 libvirt samba Xorg.2.log cluster luci secure Xorg.9.log ConsoleKit maillog secure-20130331 yum.log
The mysqld.log file holds the log information generated when we operate on the MySQL database. By viewing this log file, we can obtain a lot of information. Because our MySQL database is accessible thr
The last command can be used to view user login records. The history command can view the command execution history. Common log files are as follows:
access-log -- records HTTP/web transmissions
acct/pacct -- records user commands
aculog -- records modem activity
btmp -- records failed logins
lastlog -- records recent successful login events and the last unsuccessful logon
messages -- records information from syslog (some entries link to the syslog file)
sudolog -- records
In Linux, to view a user's command history, run cat /home/username/.bash_history. Logged on as root, run last -x to view the user logon history.
last command:
Function description: lists information about users who have logged on to the system in the past.
Syntax: last [-adRx] [-f] [-n] [account name...] [terminal number...]
Note: executed by itself, last reads the file named wtmp in the /var/log directory, and all user names
written.
----------------------------- Shut down and restart ----------------------------------
shutdown -r -- restart at 2:30 in the morning
Ctrl + C -- interrupt the current command
shutdown -r -- restart at 2:30 in the morning (put the command in the background so it does not occupy the current terminal)
shutdown -h -- halt
shutdown -c -- cancel the previous shutdown command
----------------------------- Other commands ------------------------------------
View the users currently on the system and the commands they are executing.
last -- Displays the users logged on to the system.
lastlog -- Displays the last logon information of all users in the system.
users -- Displays the list of all users currently logged on to the system.
finger -- Searches for and displays user information.
Built-in commands and others (19)
echo -- Prints a variable or directly outputs the specified string
output
-p print
-d delete
-e allow multiple edits
When using sed to extract lines, pay special attention to the use of sed -n 's ### G' filename. The sed \( \) grouping can remember part of a regular expression: \1 is the first remembered pattern, that is, the content matched by the first pair of parentheses, \2 is the second remembered pattern, the content matched by the second pair, and so on; sed can remember up to 9.
The selection of actual characters is best to be unique. Regular Expressions are
2. wtmp, utmp logs, FTP Log
You can find the files named wtmp and utmp in the /var/adm, /var/log or /etc directory; these files record when and from where users remotely log on to the host. Among hacker tools, zap2 is the oldest and most popular (the compiled file is generally called z2, or wipe); it is used to "erase" user login information
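As an added example (not code from the original article), the following Python script parses wtmp/utmp records, lists the login records that last would show, and flags records that have been zeroed in place, which is the trace a wiping tool of the kind just described leaves in an append-only file. It assumes the glibc struct utmp layout on x86_64 (384-byte records); the sample file is constructed in memory, with the user ncx and pid 29509 taken from the PAM log line earlier on this page and hosts from documentation address ranges.

```python
"""Parse wtmp/utmp records and flag entries that look wiped.

Added example, not code from the original article.  Assumes the glibc
struct utmp layout on x86_64 (384-byte records); the sample file below
is constructed in memory, so the script runs offline.
"""
from __future__ import annotations

import struct
import time
from dataclasses import dataclass

# Assumption: x86_64 glibc layout.  Fields: ut_type, (pad), ut_pid, ut_line,
# ut_id, ut_user, ut_host, ut_exit (2 shorts), ut_session, ut_tv (sec, usec),
# ut_addr_v6, __unused.  Other architectures use a different record size.
UTMP_FMT = "<hxxi32s4s32s256shhiii16s20s"
UTMP_SIZE = struct.calcsize(UTMP_FMT)  # 384 bytes

EMPTY, BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 0, 2, 7, 8
TYPE_NAMES = {0: "EMPTY", 1: "RUN_LVL", 2: "BOOT_TIME", 5: "INIT_PROCESS",
              6: "LOGIN_PROCESS", 7: "USER_PROCESS", 8: "DEAD_PROCESS"}


@dataclass
class Record:
    index: int       # position in the file (wtmp is append-only)
    ut_type: int
    pid: int
    line: str
    user: str
    host: str
    tv_sec: int


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width C string."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_wtmp(data: bytes) -> list[Record]:
    """Split raw wtmp/utmp bytes into Record objects."""
    if len(data) % UTMP_SIZE:
        raise ValueError("file length is not a multiple of the record size")
    records = []
    for i in range(len(data) // UTMP_SIZE):
        fields = struct.unpack_from(UTMP_FMT, data, i * UTMP_SIZE)
        ut_type, pid, line, _id, user, host, _t, _e, _s, tv_sec, _us, _a, _u = fields
        records.append(Record(i, ut_type, pid, _cstr(line), _cstr(user),
                              _cstr(host), tv_sec))
    return records


def make_record(ut_type: int, pid: int, line: str, user: str, host: str,
                tv_sec: int) -> bytes:
    """Pack one record; used here only to build the constructed sample."""
    return struct.pack(UTMP_FMT, ut_type, pid, line.encode(), b"",
                       user.encode(), host.encode(), 0, 0, 0, tv_sec, 0,
                       b"", b"")


def find_wiped(records: list[Record]) -> list[int]:
    """Indices of records that look overwritten in place.

    login/init only ever append typed records, so an all-zero (EMPTY)
    record, or a USER_PROCESS record with an empty user name or a zero
    timestamp, is not something the system writes on its own.
    """
    return [r.index for r in records
            if r.ut_type == EMPTY
            or (r.ut_type == USER_PROCESS and (not r.user or r.tv_sec == 0))]


def open_sessions(records: list[Record]) -> list[Record]:
    """USER_PROCESS entries with no later DEAD_PROCESS on the same line."""
    open_by_line: dict[str, Record] = {}
    for r in records:
        if r.ut_type == USER_PROCESS:
            open_by_line[r.line] = r
        elif r.ut_type == DEAD_PROCESS:
            open_by_line.pop(r.line, None)
    return list(open_by_line.values())


# Constructed sample: boot, ncx logs in (pid from the log line on this page),
# a second login that was later zeroed by a wiping tool, ncx logs out, and
# a login on pts/2 that is still open.  Hosts are documentation addresses.
T0 = 1_367_258_000
SAMPLE_WTMP = b"".join([
    make_record(BOOT_TIME, 0, "~", "reboot", "", T0),
    make_record(USER_PROCESS, 29509, "pts/0", "ncx", "198.51.100.7", T0 + 600),
    b"\x00" * UTMP_SIZE,                                   # wiped record
    make_record(DEAD_PROCESS, 29509, "pts/0", "", "", T0 + 3_000),
    make_record(USER_PROCESS, 30117, "pts/2", "bob", "203.0.113.9", T0 + 3_600),
])


if __name__ == "__main__":
    recs = parse_wtmp(SAMPLE_WTMP)
    for r in recs:
        when = time.strftime("%Y-%m-%d %H:%M:%S", time.gmtime(r.tv_sec))
        print(f"{r.index:3} {TYPE_NAMES.get(r.ut_type, r.ut_type):13} "
              f"{r.user:8} {r.line:6} {r.host:15} {when}")
    print("wiped record indices:", find_wiped(recs))
    print("sessions without logout:", [r.user for r in open_sessions(recs)])
```

To run it against a real file, replace SAMPLE_WTMP with the contents of /var/log/wtmp read in binary mode; on a non-x86_64 host adjust UTMP_FMT to that platform's struct utmp first, or the records will not align.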
NIC model:
lspci -vvv | grep Kernel | grep driver   # view the driver module
modinfo tg2                              # view the driver version (driver module)
ethtool -i em1                           # view the NIC driver version
ethtool em1
● Analyze web logs (for example, with firewall software).
● Analyze system performance bottlenecks (IO/memory/CPU; common tools are sar/vmstat/iostat/ipcs and the shift-key combinations in the top command).
Common log management commands:
history  # default 1000 entries; HISTTIMEFORMAT="%Y-%m-%d %H:%M:%