[msmunir@nms ~]$ su -
Password:
[root@nms ~]# tail /var/log/secure
Jun 24 08:08:22 nms sshd[25622]: Connection closed by 202.46.3.71
Jun 24 08:13:22 nms sshd[26404]: Connection closed by 202.46.3.71
Jun 24 08:14:51 nms sshd[26578]: Accepted password for msmunir from 202.46.3.81 port 3380 ssh2
Jun 24 08:14:51 nms sshd[26578]: pam_unix(sshd:session): session opened for user msmunir by (uid=0)
Jun 24 08:14:58 nms su: pam_unix(su-l:session): session opened for user root by msmunir(uid=501)
Jun 24 08:18:22 nms sshd[27213]: fatal: Read from socket failed: Connection reset by peer
Jun 24 08:23:22 nms sshd[27811]: Connection closed by 202.46.3.71
Jun 24 08:28:22 nms sshd[28478]: Connection closed by 202.46.3.71
Jun 24 08:33:20 nms su: pam_unix(su-l:session): session opened for user root by msmunir(uid=501)
Jun 24 08:33:22 nms sshd[29131]: Connection closed by 202.46.3.71
[root@nms ~]#
or another excerpt:
Jun 24 07:22:33 nms sshd[19299]: Failed password for invalid user backuppc from 60.31.211.5 port 33506 ssh2
Jun 24 07:22:33 nms sshd[19301]: Received disconnect from 60.31.211.5: 11: Bye Bye
Once we know who is trying to force a login, and from which IP address, how do we report the attempt? From the example above, for instance, we can see a forced login attempt from the computer 60.31.211.5, guessing the user backuppc. It is best to stop using easily guessed usernames, or easily guessed passwords, on our computers.
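An added example, not part of the original post: a small parser that groups the "Failed password" entries of /var/log/secure by source IP and collects the facts a report would need (count, first and last timestamp, usernames tried). The function names are this example's own, and sample lines 3 and 5 are constructed.

```python
import re

# Sample input: lines 1, 2 and 4 are copied from the excerpts above;
# lines 3 and 5 are constructed for this example.
SAMPLE = """\
Jun 24 07:22:33 nms sshd[19299]: Failed password for invalid user backuppc from 60.31.211.5 port 33506 ssh2
Jun 24 07:22:33 nms sshd[19301]: Received disconnect from 60.31.211.5: 11: Bye Bye
Jun 24 07:22:36 nms sshd[19305]: Failed password for root from 60.31.211.5 port 33611 ssh2
Jun 24 08:14:51 nms sshd[26578]: Accepted password for msmunir from 202.46.3.81 port 3380 ssh2
Jun 24 09:01:10 nms sshd[30112]: Failed password for invalid user test from 192.0.2.10 port 40122 ssh2
"""

# The user name is text supplied by the remote side, so the pattern is
# anchored at both ends and the greedy user group makes the *last*
# "from <ip> port <n> ssh2" on the line the source address.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<ip>\S+) port \d+ ssh2$"
)

def summarize_failures(log_text):
    """Group failed sshd password attempts by source IP."""
    report = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if m is None:
            continue  # successful logins, disconnects, su entries, ...
        entry = report.setdefault(m["ip"], {
            "count": 0, "first": m["ts"], "last": m["ts"],
            "users": set(), "invalid_users": set(),
        })
        entry["count"] += 1
        entry["last"] = m["ts"]  # log is chronological, so last seen wins
        key = "invalid_users" if m["invalid"] else "users"
        entry[key].add(m["user"])
    return report

def format_report(report):
    """One line per source IP, most attempts first."""
    rows = sorted(report.items(), key=lambda kv: (-kv[1]["count"], kv[0]))
    return [
        f"{ip}: {e['count']} failed, {e['first']} to {e['last']}, "
        f"existing users tried: {sorted(e['users'])}, "
        f"nonexistent users tried: {sorted(e['invalid_users'])}"
        for ip, e in rows
    ]

if __name__ == "__main__":
    print("\n".join(format_report(summarize_failures(SAMPLE))))
```

To run it against the real log, pass the contents of /var/log/secure (read as root) to summarize_failures instead of SAMPLE.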
nice, thanks for the info..!