Querying Failed Logins on Linux

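I recently found a pile of failed-login messages on a VPS I had bought, so I wrote this post to record the steps for querying failed logins. If the failed logins are not your own, then it must be an attacker using a brute-force algorithm to keep trying accounts and passwords. If no measures are taken, there is a chance that the account and password will be guessed, and the server will be taken over.

Author's blogs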

  • https://blog.uso6.com
  • https://blog.csdn.net/dxk539687357

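1. Observation

1.1 Observing at SSH login

For example, when I log in to the server I see a Last failed login notice. The IP in it is not my IP, and I did not log in at that time either, so this was not something I did.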

Last failed login: Sun Dec 24 23:32:02 CST 2023 from 182.61.50.35 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Sun Dec 24 16:05:40 2023 from x.x.x.x

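1.2 Observing in the Cockpit console

If you use Cockpit, the Web Console system, you can log in to the console and see the number of failed logins on the Overview page.

2. Query

The Linux lastb command lists information about users whose logins to the system failed. The command reads the /var/log/btmp file.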

[root@nukixPC ~]# lastb -a | more
trade    ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     42.192.123.63
trade    ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     42.192.123.63
info     ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     124.223.53.149
info     ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     124.223.53.149
ubuntu   ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     124.221.132.245
ubuntu   ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     124.221.132.245
dpn      ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     181.55.188.218
dpn      ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     181.55.188.218
softcont ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     68.71.45.157
softcont ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     68.71.45.157
root     ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     43.156.7.9
testuser ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     201.124.28.60
testuser ssh:notty    Sun Dec 24 02:19 - 02:19  (00:00)     201.124.28.60

-F prints the full information.

[root@nukixPC ~]# lastb -F | more
trade    ssh:notty    42.192.123.63    Sun Dec 24 02:19:59 2023 - Sun Dec 24 02:19:59 2023  (00:00)
trade    ssh:notty    42.192.123.63    Sun Dec 24 02:19:57 2023 - Sun Dec 24 02:19:57 2023  (00:00)
info     ssh:notty    124.223.53.149   Sun Dec 24 02:19:44 2023 - Sun Dec 24 02:19:44 2023  (00:00)
info     ssh:notty    124.223.53.149   Sun Dec 24 02:19:42 2023 - Sun Dec 24 02:19:42 2023  (00:00)
ubuntu   ssh:notty    124.221.132.245  Sun Dec 24 02:19:33 2023 - Sun Dec 24 02:19:33 2023  (00:00)
ubuntu   ssh:notty    124.221.132.245  Sun Dec 24 02:19:31 2023 - Sun Dec 24 02:19:31 2023  (00:00)
dpn      ssh:notty    181.55.188.218   Sun Dec 24 02:19:26 2023 - Sun Dec 24 02:19:26 2023  (00:00)
dpn      ssh:notty    181.55.188.218   Sun Dec 24 02:19:24 2023 - Sun Dec 24 02:19:24 2023  (00:00)
softcont ssh:notty    68.71.45.157     Sun Dec 24 02:19:11 2023 - Sun Dec 24 02:19:11 2023  (00:00)
softcont ssh:notty    68.71.45.157     Sun Dec 24 02:19:09 2023 - Sun Dec 24 02:19:09 2023  (00:00)
root     ssh:notty    43.156.7.9       Sun Dec 24 02:19:05 2023 - Sun Dec 24 02:19:05 2023  (00:00)
testuser ssh:notty    201.124.28.60    Sun Dec 24 02:19:03 2023 - Sun Dec 24 02:19:03 2023  (00:00)
testuser ssh:notty    201.124.28.60    Sun Dec 24 02:19:01 2023 - Sun Dec 24 02:19:01 2023  (00:00)

-n sets the number of lines to output.

[root@nukixPC ~]# lastb -n 5
trade    ssh:notty    42.192.123.63    Sun Dec 24 02:19 - 02:19  (00:00)
trade    ssh:notty    42.192.123.63    Sun Dec 24 02:19 - 02:19  (00:00)
info     ssh:notty    124.223.53.149   Sun Dec 24 02:19 - 02:19  (00:00)
info     ssh:notty    124.223.53.149   Sun Dec 24 02:19 - 02:19  (00:00)
ubuntu   ssh:notty    124.221.132.245  Sun Dec 24 02:19 - 02:19  (00:00)
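
To turn the per-attempt lastb listing above into a per-source summary, here is an added example (not part of the original post): a POSIX shell script that counts failed SSH logins per source address from `lastb -F` output. The function names, the threshold argument and the sample records (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): summarise `lastb -F` output.
# Function names and the sample records below are constructed for illustration.

# Constructed sample in the `lastb -F` column layout (documentation-range IPs).
sample_lastb() {
    cat <<'EOF'
trade    ssh:notty    203.0.113.10     Sun Dec 24 02:19:59 2023 - Sun Dec 24 02:19:59 2023  (00:00)
trade    ssh:notty    203.0.113.10     Sun Dec 24 02:19:57 2023 - Sun Dec 24 02:19:57 2023  (00:00)
info     ssh:notty    203.0.113.20     Sun Dec 24 02:19:44 2023 - Sun Dec 24 02:19:44 2023  (00:00)
info     ssh:notty    203.0.113.20     Sun Dec 24 02:19:42 2023 - Sun Dec 24 02:19:42 2023  (00:00)
root     ssh:notty    203.0.113.10     Sun Dec 24 02:19:05 2023 - Sun Dec 24 02:19:05 2023  (00:00)
ubuntu   ssh:notty    198.51.100.7     Sun Dec 24 02:19:03 2023 - Sun Dec 24 02:19:03 2023  (00:00)

btmp begins Fri Dec  1 00:00:01 2023
EOF
}

# Read `lastb -F` lines on stdin; print "<count> <address>", highest count first.
# Only ssh records are counted, which also skips the blank and "btmp begins" lines.
count_by_ip() {
    awk '$2 ~ /^ssh:/ { n[$3]++ } END { for (ip in n) print n[ip], ip }' |
        LC_ALL=C sort -k1,1nr -k2,2
}

# Read `lastb -F` lines on stdin; print the distinct user names tried from
# the address given as $1, on one line.
users_for_ip() {
    awk -v ip="$1" '$2 ~ /^ssh:/ && $3 == ip { print $1 }' |
        LC_ALL=C sort -u | paste -sd ' ' -
}

# Read `lastb -F` lines on stdin; print addresses with at least $1 failures.
over_threshold() {
    count_by_ip | awk -v t="$1" '$1 >= t { print $2 }'
}

# Live use, as root:  sh this_script.sh --live
if [ "${1:-}" = "--live" ]; then
    lastb -F | count_by_ip
fi
```
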
