|
|
lug-bg: Питане за /var/log/auth.log
- Subject: lug-bg: Питане за /var/log/auth.log
- From: SleepLess <sleepless@xxxxxxx>
- Date: Fri, 17 Jun 2005 19:17:28 +0300
- Delivered-to: lug-bg-list@xxxxxxxxxxxxxxxxxx
- Delivered-to: lug-bg@xxxxxxxxxxxxxxxxxx
Здравейте,
Някой може ли да каже от какво се получава следния (bold) ред в
/var/log/auth.log :
error: Could not get shadow information for NOUSER
Failed password for illegal user guest from 62.3.207.130 port 51886
ssh2
Illegal user samba from 62.3.207.130
error: Could not get shadow information for NOUSER
Failed password for illegal user samba from 62.3.207.130 port 51930
ssh2
Illegal user admin from 62.3.207.130
error: Could not get shadow information for NOUSER
Failed password for illegal user admin from 62.3.207.130 port 52000
ssh2
Illegal user user from 62.3.207.130
Оказва се че лога е в следствие на broot force атака но как точно
се стига до там че sshd да изисква shadow information за несъществуваст
юзер "NOUSER"
Когато се направи опит за логин с несъществувашт юсер ( ssh NOUSER@gw)
лога е следния :
error: PAM: User not known to the underlying authentication module for
illegal user NOUSER from 192.168.0.2
Failed keyboard-interactive/pam for illegal user NOUSER from
192.168.0.2 port 50536 ssh2
Благодаря.
|
|
|
|