
Logs from a dedicated server running Debian

14 February 2010, 10:36
author: Err
Hello.
I have a dedicated server. I gave shell accounts to a few people.
It turned out that the server was blocked because one of the users was port scanning.

I would like to find out how, and whether at all, I can check which of the users did it and what software they used.

Ladies and gentlemen, I'm counting on your help.

14 February 2010, 10:49
author: lessmian2
Check whether you can find anything in .bash_history, in the users' home directories.

14 February 2010, 11:38
author: Err
I tried with Total Commander and FileZilla, with the option to show hidden files and folders enabled, but it cannot show .bash_history at all. I looked in /home/username/.

Update:
I typed the path to the file itself by hand. I'm going through the logs right now; I haven't found anything specific, apart from the fact that one of the users simply didn't have any such logs. Could he have deleted them himself as a regular user, being the owner of that file?

Is there another way to find the culprit?

I came across something in /var/log/daemon.log.
What do you think about it?
Code:
Feb 12 22:34:06 ks359972 named[2798]: connection refused resolving 'bruteteam.110mb.com/A/IN': 195.242.99.88#53
Further searching.
I changed some of the names and IP addresses for obvious reasons.
Log /var/log/kern.log:

Code:
Feb 12 22:38:24 ks359972 kernel: __ratelimit: 65 callbacks suppressed
Feb 12 22:38:24 ks359972 kernel: atack[910]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:24 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:910] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:24 ks359972 kernel: atack[1121]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:24 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1121] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:26 ks359972 kernel: atack[1037]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:26 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1037] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:27 ks359972 kernel: atack[1090]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:27 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1090] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:30 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1721062777:1721064957 (repaired)
Feb 12 22:38:34 ks359972 kernel: atack[1594]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:34 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1594] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:34 ks359972 kernel: atack[1607]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:34 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1607] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:35 ks359972 kernel: atack[1619]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:35 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1619] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:36 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1722130045:1722132993 (repaired)
Feb 12 22:38:37 ks359972 kernel: atack[1758]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:37 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1758] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:37 ks359972 kernel: atack[1777]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:37 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1777] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:41 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1723025885:1723031781 (repaired)
Feb 12 22:38:42 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1723025885:1723031781 (repaired)
Feb 12 22:38:43 ks359972 kernel: atack[2400]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:43 ks359972 kernel: grsec: more alerts, logging disabled for 10 seconds
Feb 12 22:38:44 ks359972 kernel: atack[2180]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:44 ks359972 kernel: atack[2199]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:45 ks359972 kernel: atack[2220]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:45 ks359972 kernel: atack[2221]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:50 ks359972 kernel: atack[2815]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:50 ks359972 kernel: atack[2514]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:50 ks359972 kernel: atack[2534]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:51 ks359972 kernel: atack[2565]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:51 ks359972 kernel: atack[2561]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:55 ks359972 kernel: atack[2836]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:55 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:2836] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:55 ks359972 kernel: atack[2869]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:55 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:2869] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:56 ks359972 kernel: atack[2886]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:56 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:2886] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:57 ks359972 kernel: atack[2973]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:57 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:2973] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:59 ks359972 kernel: atack[3068]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:59 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:3068] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:00 ks359972 kernel: atack[3367]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:00 ks359972 kernel: grsec: more alerts, logging disabled for 10 seconds
Feb 12 22:39:00 ks359972 kernel: atack[3421]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:01 ks359972 kernel: atack[3512]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:03 ks359972 kernel: atack[3299]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:08 ks359972 kernel: atack[3590]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:08 ks359972 kernel: atack[3622]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:09 ks359972 kernel: atack[3682]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:09 ks359972 kernel: atack[3685]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:09 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1729384193:1729385733 (repaired)
Feb 12 22:39:13 ks359972 kernel: atack[3944]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:13 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:3944] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:14 ks359972 kernel: atack[4013]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:14 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:4013] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:17 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1731175961:1731177501 (repaired)
Feb 12 22:39:20 ks359972 kernel: atack[4453]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:20 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:4453] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:23 ks359972 kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1732659905:1732661445 (repaired)
Feb 12 22:39:29 ks359972 kernel: atack[5138]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:29 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:5138] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:30 ks359972 kernel: TCP: Peer 79.76.134.55:58076/55468 unexpectedly shrunk window 377508326:377555111 (repaired)
Feb 12 22:39:31 ks359972 kernel: TCP: Peer 79.76.134.55:58076/55468 unexpectedly shrunk window 377508326:377555111 (repaired)
Feb 12 22:39:36 ks359972 kernel: atack[5953]: segfault at 66696428 ip 080a3377 sp bf8c0150 error 4 in atack[8048000+c0000]
Feb 12 22:39:36 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at 66696428 in /dev/shm/zH/atack[atack:5953] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:38 ks359972 kernel: atack[5781]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:38 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:5781] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:40 ks359972 kernel: atack[6226]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:40 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:6226] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:40 ks359972 kernel: atack[5926]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:40 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:5926] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:41 ks359972 kernel: atack[5941]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:41 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:5941] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:41 ks359972 kernel: atack[5952]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:41 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:5952] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:41 ks359972 kernel: atack[5981]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:41 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:5981] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:42 ks359972 kernel: atack[6419]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:42 ks359972 kernel: grsec: more alerts, logging disabled for 10 seconds
Feb 12 22:39:42 ks359972 kernel: atack[6068]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:43 ks359972 kernel: atack[6225]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:43 ks359972 kernel: atack[6077]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:43 ks359972 kernel: atack[6375]: segfault at 643307fc ip 080a3377 sp bf8c0150 error 4 in atack[8048000+c0000]
Feb 12 22:39:47 ks359972 kernel: atack[6400]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:47 ks359972 kernel: atack[6449]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:51 ks359972 kernel: atack[6954]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:51 ks359972 kernel: atack[6988]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:54 ks359972 kernel: atack[7192]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:54 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:7192] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:56 ks359972 kernel: atack[6965]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:39:56 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:6965] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:40:00 ks359972 kernel: atack[7205]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:40:00 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:7205] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:40:01 ks359972 kernel: atack[7602]: segfault at 66696428 ip 080a3377 sp bf8c0150 error 4 in atack[8048000+c0000]
Feb 12 22:40:01 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at 66696428 in /dev/shm/zH/atack[atack:7602] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:40:02 ks359972 kernel: atack[7350]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:40:02 ks359972 kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:7350] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:40:03 ks359972 kernel: atack[7427]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:40:03 ks359972 kernel: grsec: more alerts, logging disabled for 10 seconds
Feb 12 22:40:04 ks359972 kernel: atack[7481]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Ladies and gentlemen, what do you think about this?
Is there any way at all to simply check/read such logs?
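The grsec records in the kern.log excerpt above already carry the uid/euid of the process that crashed, which is the field that ties the binary in /dev/shm/zH/atack to an account. The script below is an added example, not code from any post in this thread: it extracts those fields, resolves the uid against a passwd-format file, and counts crash records per account and binary path. The hostname, the passwd excerpt and the sample log lines are constructed for the example (the line format follows the thread's kern.log).

```python
import re
from collections import defaultdict

# Matches the grsec segfault records quoted in the thread. The binary path
# runs up to the "[comm:pid]" suffix; the real uid/euid of the process follow.
GRSEC_RE = re.compile(
    r"grsec: From (?P<src>[\d.]+): Segmentation fault occurred at \S+ in "
    r"(?P<path>[^\[\s]+)\[(?P<comm>[^:\]]+):(?P<pid>\d+)\] "
    r"uid/euid:(?P<uid>\d+)/(?P<euid>\d+)"
)

# Constructed sample: three grsec records in the thread's format plus two
# kernel lines of other kinds, which the parser must skip.
SAMPLE_LOG = """\
Feb 12 22:38:24 host kernel: atack[910]: segfault at 0 ip 08048e33 sp bf8c0180 error 4 in atack[8048000+c0000]
Feb 12 22:38:24 host kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:910] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:38:30 host kernel: TCP: Peer 93.97.143.243:51135/55304 unexpectedly shrunk window 1721062777:1721064957 (repaired)
Feb 12 22:38:34 host kernel: grsec: From 94.127.188.131: Segmentation fault occurred at (null) in /dev/shm/zH/atack[atack:1594] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
Feb 12 22:39:36 host kernel: grsec: From 94.127.188.131: Segmentation fault occurred at 66696428 in /dev/shm/zH/atack[atack:5953] uid/euid:1014/1014 gid/egid:1014/1014, parent /dev/shm/zH/atack[atack:843] uid/euid:1014/1014 gid/egid:1014/1014
"""

# Constructed /etc/passwd excerpt; on a real server read the file itself.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1013:1013::/home/alice:/bin/bash
bob:x:1014:1014::/home/bob:/bin/bash
"""


def uid_map(passwd_text):
    """Map numeric uid (as a string) to login name from passwd-format text."""
    mapping = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3:
            mapping[fields[2]] = fields[0]
    return mapping


def crashing_binaries(log_text, passwd_text):
    """Count grsec segfault records per (login name, binary path).

    Returns {user: {path: count}}; a uid missing from passwd is reported as
    'uid:<n>'. Only the first uid/euid pair on a line (the crashing process,
    not its parent) is used.
    """
    names = uid_map(passwd_text)
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = GRSEC_RE.search(line)
        if not m:
            continue
        user = names.get(m.group("uid"), "uid:" + m.group("uid"))
        counts[user][m.group("path")] += 1
    return {u: dict(p) for u, p in counts.items()}
```

The "more alerts, logging disabled for 10 seconds" lines in the excerpt mean grsec dropped records under rate limiting, so the counts are a lower bound and the uid, not the count, is the finding.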