Introduction to auth.log

The Authorization Log tracks usage of authorization systems, the
mechanisms for authorizing users which prompt for user passwords, such
as the Pluggable Authentication Module (PAM) system, the sudo command,
remote logins to sshd and so on. The Authorization Log file may be
accessed at /var/log/auth.log. This log is useful for learning about
user logins and usage of the sudo command.

The /var/log/auth.log file shows information about SSH logins and sudo commands.

View the IP addresses and number of successful password logins for root

grep "Accepted password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | more

View the IP addresses and number of failed password logins for root

grep "Failed password for root" /var/log/auth.log | awk '{print $11}' | sort | uniq -c | sort -nr | more
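
The two pipelines above count one user and read the address from a fixed field. The following added example (not from the original post) tallies failed and accepted password logins per source IP for every user and marks addresses that succeed after repeated failures. The sample log lines are constructed, and the names sample_log, auth_summary and THRESHOLD are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the traditional syslog format used by auth.log.
sample_log() {
cat <<'EOF'
Mar  3 10:00:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 40001 ssh2
Mar  3 10:00:03 host sshd[1002]: Failed password for invalid user admin from 203.0.113.5 port 40002 ssh2
Mar  3 10:00:05 host sshd[1003]: Failed password for root from 203.0.113.5 port 40003 ssh2
Mar  3 10:00:09 host sshd[1004]: Accepted password for root from 203.0.113.5 port 40004 ssh2
Mar  3 10:05:00 host sshd[1005]: Accepted password for alice from 198.51.100.7 port 50000 ssh2
Mar  3 10:06:00 host sshd[1006]: Failed password for bob from 192.0.2.9 port 50001 ssh2
Mar  3 10:07:00 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
EOF
}

# auth_summary [FILE]: print "IP failed accepted flag" for each source address.
# Reads stdin when no file is given. THRESHOLD (default 3) is the number of
# failures that, combined with at least one success, marks an IP as SUSPECT.
auth_summary() {
  awk '
    / sshd\[[0-9]+\]: (Failed|Accepted) password for / {
      # Take the word after the LAST "from": "invalid user NAME" adds fields
      # (a fixed $11 would then print "from"), and the user name itself is
      # supplied by the client.
      ip = ""
      for (i = 6; i < NF; i++) if ($i == "from") ip = $(i + 1)
      if (ip == "") next
      if ($6 == "Failed") fail[ip]++; else ok[ip]++
      seen[ip] = 1
    }
    END {
      for (ip in seen) {
        flag = (fail[ip] + 0 >= threshold + 0 && ok[ip] + 0 > 0) ? "SUSPECT" : "-"
        printf "%s %d %d %s\n", ip, fail[ip], ok[ip], flag
      }
    }' threshold="${THRESHOLD:-3}" "${1:--}" | sort
}

# Run against the constructed sample; on a real host: auth_summary /var/log/auth.log
sample_log | auth_summary
```

A SUSPECT line means the same address produced at least THRESHOLD failed passwords and also one accepted password, which is worth checking as a possible successful guess.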

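To change the port, use the following command (replace YOUR_PORT with the port number; the pattern also matches a commented-out "#Port 22" line, so the setting actually takes effect)

sed -i -E "s/^#?Port .*/Port YOUR_PORT/" /etc/ssh/sshd_config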

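Confirm that the configuration file path is correct

Sometimes the auth.log file is not found in the /var/log/ directory. In that case, check the logging configuration file

vi /etc/rsyslog.d/50-default.conf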

Hardening recommendations

Use key-based login and change the SSH port.
