#apt-get install snooptab
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово E: Не удалось найти пакет snooptab |
#apt-get install ttysnoops
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово E: Не удалось найти пакет ttysnoops |
#apt-get install snooptab
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово E: Не удалось найти пакет snooptab |
#rehash
l3script: rehash: команда не найдена |
#ttysnoops
debian3 имя пользователя: ivan Пароль: Неверное имя пользователя debian3 имя пользователя: ivan Пароль: |
#ttysnoops ivan
Пароль: Неверное имя пользователя debian3 имя пользователя: 123 Пароль: Неверное имя пользователя debian3 имя пользователя: Время выполнения входа в систему истекло (60 секунд). |
#apt-get install snooptab
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово E: Не удалось найти пакет snooptab |
#apt-get install ttysnoop
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово Уже установлена самая новая версия ttysnoop. обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. |
#apt-get install ttysnoop
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово Уже установлена самая новая версия ttysnoop. обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. |
#apt-get install ttysnoop
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово Уже установлена самая новая версия ttysnoop. обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. |
#apt-get install ttysnoop
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово Уже установлена самая новая версия ttysnoop. обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. |
#apt-get install ttysnoop
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово Уже установлена самая новая версия ttysnoop. обновлено 0, установлено 0 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. |
#apt-get search snap
E: Неверная операция search |
#apt-get search sundi
E: Неверная операция search |
#apt-get list sundi
E: Неверная операция list |
#apt
l3script: apt: команда не найдена |
#cd /etc/init
|
#ls
networking.conf startpar-bridge.conf udevmonitor.conf network-interface.conf udev.conf udevtrigger.conf network-interface-container.conf udev-fallback-graphics.conf network-interface-security.conf udev-finish.conf |
#cd /etc
|
#ls
acpi initramfs-tools python adduser.conf inittab python2.7 adjtime inputrc rc0.d aliases insserv rc1.d alternatives insserv.conf rc2.d apt insserv.conf.d rc3.d bash.bashrc iproute2 rc4.d bash_completion issue rc5.d bash_completion.d issue.net rc6.d bindresvport.blacklist kbd rc.local ... grub.d os-release udev gshadow pam.conf ufw gshadow- pam.d vim host.conf passwd w3m hostname passwd- wgetrc hosts perl X11 hosts.allow ppp xml hosts.deny profile zsh init profile.d init.d protocols |
#cat profile
profile profile.d/ |
#cat profile
profile profile.d/ |
#cat profile
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). if [ "`id -u`" -eq 0 ]; then PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" else PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" fi export PATH if [ "$PS1" ]; then if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then ... for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi HISTSIZE=2000 HISTFILESIZE=2000 export HISTSIZE HISTFILESIZE |
#cd /etc/rc.d
l3script: cd: /etc/rc.d: Нет такого файла или каталога |
#ls
acpi initramfs-tools python adduser.conf inittab python2.7 adjtime inputrc rc0.d aliases insserv rc1.d alternatives insserv.conf rc2.d apt insserv.conf.d rc3.d bash.bashrc iproute2 rc4.d bash_completion issue rc5.d bash_completion.d issue.net rc6.d bindresvport.blacklist kbd rc.local ... grub.d os-release udev gshadow pam.conf ufw gshadow- pam.d vim host.conf passwd w3m hostname passwd- wgetrc hosts perl X11 hosts.allow ppp xml hosts.deny profile zsh init profile.d init.d protocols |
#ls
acpi initramfs-tools python adduser.conf inittab python2.7 adjtime inputrc rc0.d aliases insserv rc1.d alternatives insserv.conf rc2.d apt insserv.conf.d rc3.d bash.bashrc iproute2 rc4.d bash_completion issue rc5.d bash_completion.d issue.net rc6.d bindresvport.blacklist kbd rc.local ... grub.d os-release udev gshadow pam.conf ufw gshadow- pam.d vim host.conf passwd w3m hostname passwd- wgetrc hosts perl X11 hosts.allow ppp xml hosts.deny profile zsh init profile.d init.d protocols |
#lscpu
Architecture: x86_64 CPU op-mode(s): 32-bit, 64-bit Byte Order: Little Endian CPU(s): 1 On-line CPU(s) list: 0 Thread(s) per core: 1 Core(s) per socket: 1 Socket(s): 1 NUMA node(s): 1 Vendor ID: GenuineIntel CPU family: 6 Model: 15 Stepping: 11 CPU MHz: 2327.540 BogoMIPS: 4655.08 Hypervisor vendor: Xen Virtualization type: full L1d cache: 32K L1i cache: 32K L2 cache: 4096K NUMA node0 CPU(s): 0 |
#lshdd
l3script: lshdd: команда не найдена |
#lshd
l3script: lshd: команда не найдена |
#cd /etc/init.d
|
#ls
acpid hwclock.sh mtab.sh sendsigs bootlogs kbd netdiag single bootmisc.sh keyboard-setup networking skeleton checkfs.sh killprocs procps ssh checkroot-bootclean.sh kmod rc sudo checkroot.sh motd rc.local udev console-cyrillic mountall-bootclean.sh rcS udev-mtab console-setup mountall.sh README umountfs cron mountdevsubfs.sh reboot umountnfs.sh exim4 mountkernfs.sh rmnologin umountroot halt mountnfs-bootclean.sh rsyslog urandom hostname.sh mountnfs.sh screen-cleanup |
#./crond stop
l3script: ./crond: Нет такого файла или каталога |
#./cron stop
[ ok ] Stopping periodic command scheduler: cron. |
#service cron restart
[ ok ] Restarting periodic command scheduler: cron[....] Stopping periodic command scheduler: cron. [ ok ] Starting periodic command scheduler: cron. |
#cd /etc/r
rc0.d/ rc4.d/ rcS.d/ rpc rc1.d/ rc5.d/ reportbug.conf rsyslog.conf rc2.d/ rc6.d/ resolv.conf rsyslog.d/ rc3.d/ rc.local rmt |
#cd /etc/rc3.d/
|
#ls
README S01netdiag S01sudo S02cron S02ssh S04rc.local S01motd S01rsyslog S02acpid S02exim4 S03bootlogs S04rmnologin |
#ls -lah
итого 12K drwxr-xr-x 2 root root 4,0K Мар 28 09:27 . drwxr-xr-x 70 root root 4,0K Мар 31 11:55 .. -rw-r--r-- 1 root root 677 Июл 14 2013 README lrwxrwxrwx 1 root root 14 Июн 27 2014 S01motd -> ../init.d/motd lrwxrwxrwx 1 root root 17 Июн 27 2014 S01netdiag -> ../init.d/netdiag lrwxrwxrwx 1 root root 17 Июн 27 2014 S01rsyslog -> ../init.d/rsyslog lrwxrwxrwx 1 root root 14 Мар 28 09:27 S01sudo -> ../init.d/sudo lrwxrwxrwx 1 root root 15 Июн 27 2014 S02acpid -> ../init.d/acpid lrwxrwxrwx 1 root root 14 Июн 27 2014 S02cron -> ../init.d/cron lrwxrwxrwx 1 root root 15 Июн 27 2014 S02exim4 -> ../init.d/exim4 lrwxrwxrwx 1 root root 13 Июн 27 2014 S02ssh -> ../init.d/ssh lrwxrwxrwx 1 root root 18 Июн 27 2014 S03bootlogs -> ../init.d/bootlogs lrwxrwxrwx 1 root root 18 Июн 27 2014 S04rc.local -> ../init.d/rc.local lrwxrwxrwx 1 root root 19 Июн 27 2014 S04rmnologin -> ../init.d/rmnologin |
#cd rc6.d
l3script: cd: rc6.d: Нет такого файла или каталога |
#cd ../rc6.d
|
#ls -l
итого 4 lrwxrwxrwx 1 root root 15 Июн 27 2014 K01exim4 -> ../init.d/exim4 lrwxrwxrwx 1 root root 17 Июн 27 2014 K01netdiag -> ../init.d/netdiag lrwxrwxrwx 1 root root 17 Июн 27 2014 K01urandom -> ../init.d/urandom lrwxrwxrwx 1 root root 18 Июн 27 2014 K02sendsigs -> ../init.d/sendsigs lrwxrwxrwx 1 root root 17 Июн 27 2014 K03rsyslog -> ../init.d/rsyslog lrwxrwxrwx 1 root root 20 Июн 27 2014 K04hwclock.sh -> ../init.d/hwclock.sh lrwxrwxrwx 1 root root 22 Июн 27 2014 K04umountnfs.sh -> ../init.d/umountnfs.sh lrwxrwxrwx 1 root root 20 Июн 27 2014 K05networking -> ../init.d/networking lrwxrwxrwx 1 root root 18 Июн 27 2014 K06umountfs -> ../init.d/umountfs lrwxrwxrwx 1 root root 20 Июн 27 2014 K07umountroot -> ../init.d/umountroot lrwxrwxrwx 1 root root 16 Июн 27 2014 K08reboot -> ../init.d/reboot -rw-r--r-- 1 root root 351 Окт 15 2012 README |
#apt-get install vsftpd
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово НОВЫЕ пакеты, которые будут установлены: vsftpd обновлено 0, установлено 1 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. Необходимо скачать 158 kБ архивов. После данной операции, объём занятого дискового пространства возрастёт на 286 kB. Получено:1 http://ftp.ua.debian.org/debian/ wheezy/main vsftpd amd64 2.3.5-3 [158 kB] Получено 158 kБ за 0с (799 kБ/c) Предварительная настройка пакетов ... Выбор ранее не выбранного пакета vsftpd. (Чтение базы данных … на данный момент установлено 31254 файла и каталога.) Распаковывается пакет vsftpd (из файла …/vsftpd_2.3.5-3_amd64.deb) … Обрабатываются триггеры для man-db … Настраивается пакет vsftpd (2.3.5-3) … Starting FTP server: vsftpd. |
#cd /etc/init.d
|
#ls
acpid hwclock.sh mtab.sh sendsigs bootlogs kbd netdiag single bootmisc.sh keyboard-setup networking skeleton checkfs.sh killprocs procps ssh checkroot-bootclean.sh kmod rc sudo checkroot.sh motd rc.local udev console-cyrillic mountall-bootclean.sh rcS udev-mtab console-setup mountall.sh README umountfs cron mountdevsubfs.sh reboot umountnfs.sh exim4 mountkernfs.sh rmnologin umountroot halt mountnfs-bootclean.sh rsyslog urandom hostname.sh mountnfs.sh screen-cleanup vsftpd |
#chkconfig --list vsftpd
l3script: chkconfig: команда не найдена |
#service vsftpd chkconfig
Usage: /etc/init.d/vsftpd {start|stop|restart|reload|status} |
#service vsftpd status
vsftpd is running |
#systemctl
l3script: systemctl: команда не найдена |
#cd /etc/rc3.d/
|
#ls
README S01netdiag S01sudo S02cron S02ssh S03bootlogs S04rmnologin S01motd S01rsyslog S02acpid S02exim4 S02vsftpd S04rc.local |
#pidof rsyslogd
1870 |
#cd /proc/`pidof rsyslogd`
|
#cd df
l3script: cd: df: Нет такого файла или каталога |
#ls
attr coredump_filter io mountstats pagemap stat autogroup cpuset limits net personality statm auxv cwd loginuid ns root status cgroup environ maps numa_maps sched syscall clear_refs exe mem oom_adj sessionid task cmdline fd mountinfo oom_score smaps wchan comm fdinfo mounts oom_score_adj stack |
#cd fd
|
#netstat
Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 debian3.net.nt:40540 xgu.ru:18030 TIME_WAIT tcp 0 0 debian3.net.nt:40541 xgu.ru:18030 TIME_WAIT tcp 0 0 debian3.net.nt:ssh 192.168.16.187:49257 ESTABLISHED tcp 0 0 debian3.net.nt:40539 xgu.ru:18030 TIME_WAIT tcp 0 432 debian3.net.nt:ssh 192.168.16.187:49239 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 5 [ ] DGRAM 5096 /dev/log unix 3 [ ] STREAM CONNECTED 107257 unix 3 [ ] STREAM CONNECTED 107256 unix 2 [ ] DGRAM 107255 unix 2 [ ] DGRAM 106825 unix 3 [ ] STREAM CONNECTED 99103 unix 3 [ ] STREAM CONNECTED 99102 unix 2 [ ] STREAM 99099 unix 2 [ ] DGRAM 5143 unix 3 [ ] DGRAM 3267 unix 3 [ ] DGRAM 3266 |
#ls
0 1 2 3 4 5 |
#cat 0
cat: 0: Нет такого устройства или адреса |
#cat 1
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 10:17:01 debian3 /USR/SBIN/CRON[14581]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 11:17:01 debian3 /USR/SBIN/CRON[15075]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 12:17:01 debian3 /USR/SBIN/CRON[15975]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 13:17:01 debian3 /USR/SBIN/CRON[16006]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 13:49:06 debian3 /usr/sbin/cron[16183]: (CRON) INFO (pidfile fd = 3) Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) STARTUP (fork ok) Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup) |
#cat 1
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 10:17:01 debian3 /USR/SBIN/CRON[14581]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 11:17:01 debian3 /USR/SBIN/CRON[15075]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 12:17:01 debian3 /USR/SBIN/CRON[15975]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 13:17:01 debian3 /USR/SBIN/CRON[16006]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 13:49:06 debian3 /usr/sbin/cron[16183]: (CRON) INFO (pidfile fd = 3) Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) STARTUP (fork ok) Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup) |
#cat 2
Mar 28 06:25:05 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 29 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 30 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed |
#cat 3
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 31 06:25:03 debian3 CRON[13872]: pam_unix(cron:session): session closed for user root Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session closed for user root Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session closed for user root Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) ... Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup) Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105 Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105 Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information ^[O4 ^[OA^[OA^C |
#cat 4
^C |
#cat 5
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2 Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2 ... Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105 Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105 Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information |
#cat /etc/rsyslog.conf
# /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html ################# #### MODULES #### ################# $ModLoad imuxsock # provides support for local system logging $ModLoad imklog # provides kernel logging support #$ModLoad immark # provides --MARK-- message capability ... # # $ xconsole -file /dev/xconsole [...] # # NOTE: adjust the list below, or you'll go crazy if you have a reasonably # busy site.. # daemon.*;mail.*;\ news.err;\ *.=debug;*.=info;\ *.=notice;*.=warn |/dev/xconsole |
#cat /var/log/secure
cat: /var/log/secure: Нет такого файла или каталога |
#cat /var/lo
local/ lock/ log/ |
#cat /var/lo
local/ lock/ log/ |
#cat /var/log/
alternatives.log auth.log.2.gz debug dmesg.3.gz installer/ mail.err news/ syslog.7.gz alternatives.log.1 auth.log.3.gz debug.1 dmesg.4.gz iptraf/ mail.info syslog user.log alternatives.log.2.gz btmp debug.2.gz dpkg.log kern.log mail.log syslog.1 user.log.1 apt/ btmp.1 debug.3.gz dpkg.log.1 kern.log.1 mail.warn syslog.2.gz user.log.2.gz aptitude daemon.log dmesg dpkg.log.2.gz kern.log.2.gz messages syslog.3.gz user.log.3.gz aptitude.1.gz daemon.log.1 dmesg.0 exim4/ kern.log.3.gz messages.1 syslog.4.gz vsftpd.log auth.log daemon.log.2.gz dmesg.1.gz faillog lastlog messages.2.gz syslog.5.gz wtmp auth.log.1 daemon.log.3.gz dmesg.2.gz fsck/ lpr.log messages.3.gz syslog.6.gz wtmp.1 |
#cat /var/log/auth.log
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2 Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2 ... Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105 Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105 Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information |
#ssh 192.168.13.6
root@192.168.13.6's password: sdlfkj Permission denied, please try again. root@192.168.13.6's password: |
#ssh 192.168.16.193
The authenticity of host '192.168.16.193 (192.168.16.193)' can't be established. RSA key fingerprint is a8:60:9a:fb:22:43:15:b8:41:1d:fc:74:87:a1:ff:04. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '192.168.16.193' (RSA) to the list of known hosts. root@192.168.16.193's password: sdflkj Permission denied, please try again. root@192.168.16.193's password: sdlfkj sdlfkj sdflPermission denied, please try again. root@192.168.16.193's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). |
#ssh vasia@192.168.16.193
vasia@192.168.16.193's password: sdlfk Permission denied, please try again. vasia@192.168.16.193's password: sdl;fk eiPermission denied, please try again. vasia@192.168.16.193's password: lsPermission denied (publickey,gssapi-keyex,gssapi-with-mic,password). |
#lsd
l3script: lsd: команда не найдена |
#vim /etc/rsyslog.conf
--- /tmp/l3-saved-14106.3961.23834 2017-03-31 14:16:32.703924574 +0300 +++ /etc/rsyslog.conf 2017-03-31 14:21:07.279924106 +0300 @@ -59,13 +59,14 @@ # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog +*.*;auth,authpriv.none, -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail.log user.* -/var/log/user.log +local5.* /var/log/ssh # # Logging for the mail system. Split it up so that @@ -91,7 +92,7 @@ *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ - mail,news.none -/var/log/messages + mail,news.none,local5.none -/var/log/messages # # Emergencies are sent to everybody logged in. |
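Review bot: The `/var/log/syslog` rule in the first hunk gains only a trailing comma (`auth,authpriv.none,`) and no `local5.none`, so messages sent to local5 would still be copied into /var/log/syslog as well as /var/log/ssh; the second hunk joins selectors with a comma (`mail,news.none,local5.none`) where the rest of the file separates them with `;`. Writing the two rules as `*.*;auth,authpriv.none;local5.none -/var/log/syslog` and `mail,news.none;local5.none -/var/log/messages` keeps to the documented selector syntax and makes the exclusion explicit in both catch-all files. Nothing else visible in the session mentions the new /var/log/ssh file, so it should be checked whether the rsyslog fragment in /etc/logrotate.d rotates it.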
#service rsyslogd reload
rsyslogd: unrecognized service |
#service rsyslog reload
Usage: /etc/init.d/rsyslog {start|stop|rotate|restart|force-reload|status} |
#service rsyslog force-reload
[ ok ] Stopping enhanced syslogd: rsyslogd. [ ok ] Starting enhanced syslogd: rsyslogd. |
#ls /var/log
alternatives.log aptitude.1.gz btmp daemon.log.3.gz dmesg dmesg.4.gz faillog kern.log.1 mail.err messages.1 syslog syslog.5.gz user.log.2.gz alternatives.log.1 auth.log btmp.1 debug dmesg.0 dpkg.log fsck kern.log.2.gz mail.info messages.2.gz syslog.1 syslog.6.gz user.log.3.gz alternatives.log.2.gz auth.log.1 daemon.log debug.1 dmesg.1.gz dpkg.log.1 installer kern.log.3.gz mail.log messages.3.gz syslog.2.gz syslog.7.gz vsftpd.log apt auth.log.2.gz daemon.log.1 debug.2.gz dmesg.2.gz dpkg.log.2.gz iptraf lastlog mail.warn news syslog.3.gz user.log wtmp aptitude auth.log.3.gz daemon.log.2.gz debug.3.gz dmesg.3.gz exim4 kern.log lpr.log messages ssh syslog.4.gz user.log.1 wtmp.1 |
#logger -p local5.err 'Error!!!!'
|
#cat ssh
cat: ssh: Нет такого файла или каталога |
#cat /var/log/ssh
Mar 31 14:22:55 debian3 user: Error!!!! |
#vim /etc/ssh/sshd_config
--- /tmp/l3-saved-14106.29399.16640 2017-03-31 14:23:46.499924500 +0300 +++ /etc/ssh/sshd_config 2017-03-31 14:25:38.047923288 +0300 @@ -19,8 +19,9 @@ ServerKeyBits 768 # Logging -SyslogFacility AUTH -LogLevel INFO +#SyslogFacility AUTH +SyslogFacility LOCAL5 +#LogLevel INFO # Authentication: LoginGraceTime 120 |
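Review bot: Switching sshd to `SyslogFacility LOCAL5` takes its accepted and failed login records out of /var/log/auth.log, which the rsyslog rules shown on this page fill from `auth,authpriv.*` only; anything that reads auth.log for SSH events (log watchers, ban tools, audit review) has to be pointed at /var/log/ssh after this change. PAM messages for the sshd service may still arrive under authpriv, which would split the SSH record across two files; this should be confirmed on the host. Commenting out `LogLevel INFO` leaves sshd on its built-in default, so keeping the line explicit as `LogLevel INFO` documents the intended level next to the new facility.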
#service sshd reload
sshd: unrecognized service |
#service sshd force-reload
sshd: unrecognized service |
#service sshd
sshd: unrecognized service |
#service ssh force-reload
[ ok ] Reloading OpenBSD Secure Shell server's configuration: sshd. |
#vim /etc/ssh/sshd_config
|
#daemon.*;mail.*;\
[ ok ] Stopping enhanced syslogd: rsyslogd. [ ok ] Starting enhanced syslogd: rsyslogd. |
#cat /etc/logrotate.conf
# see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory ... create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0660 root utmp rotate 1 } # system-specific logs may be configured here |
#cat /etc/logrotate.conf
# see "man logrotate" for details # rotate log files weekly weekly # keep 4 weeks worth of backlogs rotate 4 # create new (empty) log files after rotating old ones create # uncomment this if you want your log files compressed #compress # packages drop log rotation information into this directory ... create 0664 root utmp rotate 1 } /var/log/btmp { missingok monthly create 0660 root utmp rotate 1 } # system-specific logs may be configured here |
#cd /etc/logrotate.d
|
#ls
apt aptitude dpkg exim4-base exim4-paniclog iptraf rsyslog vsftpd |
#apt-get install squid
Чтение списков пакетов… Готово Построение дерева зависимостей Чтение информации о состоянии… Готово Будут установлены следующие дополнительные пакеты: libldap-2.4-2 libsasl2-2 libsasl2-modules squid-common squid-langpack Предлагаемые пакеты: libsasl2-modules-otp libsasl2-modules-ldap libsasl2-modules-sql libsasl2-modules-gssapi-mit libsasl2-modules-gssapi-heimdal squidclient squid-cgi logcheck-database resolvconf smbclient winbind НОВЫЕ пакеты, которые будут установлены: libldap-2.4-2 libsasl2-2 libsasl2-modules squid squid-common squid-langpack обновлено 0, установлено 6 новых пакетов, для удаления отмечено 0 пакетов, и 91 пакетов не обновлено. ... Обрабатываются триггеры для man-db … Настраивается пакет libsasl2-2:amd64 (2.1.25.dfsg1-6+deb7u1) … Настраивается пакет libldap-2.4-2:amd64 (2.4.31-2+deb7u2) … Настраивается пакет squid-langpack (20120616-1) … Настраивается пакет squid-common (2.7.STABLE9-4.1+deb7u2) … Настраивается пакет squid (2.7.STABLE9-4.1+deb7u2) … Creating squid spool directory structure 2017/03/31 14:53:28| Creating Swap Directories [ ok ] Restarting Squid HTTP proxy: squid. Настраивается пакет libsasl2-modules:amd64 (2.1.25.dfsg1-6+deb7u1) … |
#ls
apt aptitude dpkg exim4-base exim4-paniclog iptraf rsyslog squid vsftpd |
#cat squid
# # Logrotate fragment for squid. # /var/log/squid/*.log { daily compress delaycompress rotate 2 missingok nocreate sharedscripts postrotate test ! -e /var/run/squid.pid || /usr/sbin/squid -k rotate endscript } |
#cd /etc/cron
cron.d/ cron.daily/ cron.hourly/ cron.monthly/ crontab cron.weekly/ |
#cd /etc/cron.daily
|
#ls
apt aptitude bsdmainutils dpkg exim4-base locate logrotate man-db passwd |
#cat logrotate
#!/bin/sh test -x /usr/sbin/logrotate || exit 0 /usr/sbin/logrotate /etc/logrotate.conf |
#ls /etc/cron*
/etc/crontab /etc/cron.d: /etc/cron.daily: apt aptitude bsdmainutils dpkg exim4-base locate logrotate man-db passwd /etc/cron.hourly: /etc/cron.monthly: /etc/cron.weekly: man-db |
# see "man logrotate" for details

# The directives before the first stanza are global defaults. A stanza, or a
# file pulled in by "include", can override them.

# rotate log files weekly
weekly

# keep 4 weeks worth of backlogs
# NOTE(review): rotated files beyond this count are deleted, so local history
# for logs that use the defaults reaches back about a month. Confirm that this
# covers how far back an investigation needs to look.
rotate 4

# create new (empty) log files after rotating old ones
create

# uncomment this if you want your log files compressed
#compress

# packages drop log rotation information into this directory
include /etc/logrotate.d

# no packages own wtmp, or btmp -- we'll rotate them here
# wtmp (login/logout records): rotated monthly, one old copy kept, recreated
# as root:utmp with mode 0664.
/var/log/wtmp {
    missingok
    monthly
    create 0664 root utmp
    rotate 1
}

# btmp (failed login records): rotated monthly, one old copy kept, recreated
# as root:utmp with mode 0660, i.e. no access for "other". Failed-login
# records can contain mistyped secrets entered at the user name prompt, so the
# tighter mode matters.
/var/log/btmp {
    missingok
    monthly
    create 0660 root utmp
    rotate 1
}

# system-specific logs may be configured here
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html

#################
#### MODULES ####
#################

$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support
#$ModLoad immark # provides --MARK-- message capability

# Both network inputs below are commented out, so this file does not make
# rsyslog accept syslog messages from other hosts.

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514

###########################
#### GLOBAL DIRECTIVES ####
###########################

#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
# NOTE(review): the traditional format carries no year and no time zone, which
# makes correlating these logs with other sources harder.
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat

#
# Set the default permissions for all log files.
#
# New log files are owned by root:adm with mode 0640: readable by members of
# group adm, not by other users.
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022

#
# Where to place spool and state files
#
$WorkDirectory /var/spool/rsyslog

#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf

###############
#### RULES ####
###############

# NOTE(review): every action in this file writes to a local file, a pipe or
# logged-in users; no forwarding to another host appears here. Unless a file
# under /etc/rsyslog.d/ (included above, not visible here) adds one, the only
# copy of these logs is on this machine, where anyone who obtains root can
# alter or remove it. Confirm whether off-host logging is configured.

#
# First some standard log files. Log by facility.
#
# Authentication messages get their own file and are excluded from syslog,
# debug and messages through "auth,authpriv.none".
# A leading '-' on a file name is the traditional syslog marker for "do not
# sync after each write"; auth.log, mail.err and the news crit/err files are
# listed without it.
auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
#cron.*                         /var/log/cron.log
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
lpr.*                           -/var/log/lpr.log
mail.*                          -/var/log/mail.log
user.*                          -/var/log/user.log

#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info                       -/var/log/mail.info
mail.warn                       -/var/log/mail.warn
mail.err                        /var/log/mail.err

#
# Logging for INN news system.
#
news.crit                       /var/log/news/news.crit
news.err                        /var/log/news/news.err
news.notice                     -/var/log/news/news.notice

#
# Some "catch-all" log files.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages

#
# Emergencies are sent to everybody logged in.
#
*.emerg                         :omusrmsg:*

#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
#       news.=crit;news.=err;news.=notice;\
#       *.=debug;*.=info;\
#       *.=notice;*.=warn       /dev/tty8

# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
#    $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
#      busy site..
#
daemon.*;mail.*;\
        news.err;\
        *.=debug;*.=info;\
        *.=notice;*.=warn       |/dev/xconsole
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2 Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2 Mar 28 09:17:34 debian3 sshd[7648]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 28 09:24:45 debian3 sshd[7695]: Accepted password for user from 192.168.16.187 port 49242 ssh2 Mar 28 09:24:45 debian3 sshd[7695]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 28 09:27:14 debian3 su[7891]: Successful su for root by user Mar 28 09:27:14 debian3 su[7891]: + /dev/pts/2 user:root Mar 28 09:27:14 debian3 su[7891]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:27:28 debian3 su[7891]: pam_unix(su:session): session closed for user root Mar 28 09:27:40 debian3 su[8227]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=root Mar 28 09:27:42 debian3 su[8227]: pam_authenticate: Authentication failure Mar 28 09:27:42 debian3 su[8227]: FAILED su for root by user Mar 28 09:27:42 debian3 su[8227]: - /dev/pts/2 user:root Mar 28 09:27:53 debian3 su[8235]: Successful su for 
root by user Mar 28 09:27:53 debian3 su[8235]: + /dev/pts/2 user:root Mar 28 09:27:53 debian3 su[8235]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:27:59 debian3 su[8235]: pam_unix(su:session): session closed for user root Mar 28 09:33:16 debian3 sudo: user : user NOT in sudoers ; TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/chmod 755 screenrc Mar 28 09:33:24 debian3 su[8705]: No passwd entry for user '755' Mar 28 09:33:24 debian3 su[8705]: FAILED su for 755 by user Mar 28 09:33:24 debian3 su[8705]: - /dev/pts/2 user:755 Mar 28 09:33:45 debian3 su[8713]: Successful su for root by user Mar 28 09:33:45 debian3 su[8713]: + /dev/pts/2 user:root Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session closed for user root Mar 28 09:34:22 debian3 su[8756]: Successful su for root by user Mar 28 09:34:22 debian3 su[8756]: + /dev/pts/2 user:root Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session closed for user root Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session closed for user root Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session closed for user root Mar 28 11:28:18 debian3 sshd[7648]: pam_unix(sshd:session): session closed for user root Mar 28 11:28:26 debian3 sshd[9544]: Accepted password for root from 192.168.16.187 port 49747 ssh2 Mar 28 11:28:26 debian3 sshd[9544]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 28 11:53:47 debian3 sshd[7695]: pam_unix(sshd:session): session closed for user user Mar 28 11:53:59 debian3 sshd[9806]: Invalid user acharnosh from 
192.168.16.187 Mar 28 11:53:59 debian3 sshd[9806]: input_userauth_request: invalid user acharnosh [preauth] Mar 28 11:54:03 debian3 sshd[9806]: Received disconnect from 192.168.16.187: 13: Unable to authenticate [preauth] Mar 28 11:54:31 debian3 sshd[9808]: Connection closed by 192.168.16.187 [preauth] Mar 28 11:54:40 debian3 sshd[9810]: Accepted password for ivan from 192.168.16.187 port 49768 ssh2 Mar 28 11:54:40 debian3 sshd[9810]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 11:54:49 debian3 sshd[9810]: pam_unix(sshd:session): session closed for user ivan Mar 28 11:55:19 debian3 sshd[9896]: Accepted password for ivan from 192.168.16.187 port 49769 ssh2 Mar 28 11:55:19 debian3 sshd[9896]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 11:57:32 debian3 sshd[9896]: pam_unix(sshd:session): session closed for user ivan Mar 28 11:57:45 debian3 sshd[10088]: Connection closed by 192.168.16.187 [preauth] Mar 28 11:58:46 debian3 sshd[10090]: Accepted password for ivan from 192.168.16.187 port 49773 ssh2 Mar 28 11:58:46 debian3 sshd[10090]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 12:01:49 debian3 sshd[10090]: pam_unix(sshd:session): session closed for user ivan Mar 28 12:02:11 debian3 sshd[10215]: Accepted password for ivan from 192.168.16.187 port 49774 ssh2 Mar 28 12:02:11 debian3 sshd[10215]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 12:16:20 debian3 sshd[10349]: Accepted password for root from 192.168.16.187 port 49785 ssh2 Mar 28 12:16:20 debian3 sshd[10349]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session closed for user root Mar 28 13:17:01 debian3 CRON[10953]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 13:17:01 debian3 CRON[10953]: 
pam_unix(cron:session): session closed for user root Mar 28 13:38:46 debian3 sshd[11037]: Connection closed by 192.168.16.187 [preauth] Mar 28 13:39:46 debian3 sshd[11039]: Accepted password for petr from 192.168.16.187 port 49812 ssh2 Mar 28 13:39:46 debian3 sshd[11039]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 28 13:40:17 debian3 sshd[9544]: pam_unix(sshd:session): session closed for user root Mar 28 13:53:26 debian3 sshd[11039]: pam_unix(sshd:session): session closed for user petr Mar 28 14:00:09 debian3 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr Mar 28 14:00:10 debian3 sshd[11820]: Failed password for petr from 192.168.16.187 port 49885 ssh2 Mar 28 14:00:14 debian3 sshd[11820]: Accepted password for petr from 192.168.16.187 port 49885 ssh2 Mar 28 14:00:14 debian3 sshd[11820]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session closed for user root Mar 28 14:24:00 debian3 sshd[11820]: pam_unix(sshd:session): session closed for user petr Mar 28 14:25:48 debian3 sshd[10215]: pam_unix(sshd:session): session closed for user ivan Mar 28 14:26:09 debian3 sshd[11968]: Accepted password for user from 192.168.16.187 port 49901 ssh2 Mar 28 14:26:09 debian3 sshd[11968]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session closed for user root Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session closed for user root Mar 28 17:06:48 debian3 sshd[14025]: Accepted password for ivan from 
192.168.16.187 port 50084 ssh2 Mar 28 17:06:48 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 17:06:57 debian3 sshd[14025]: pam_unix(sshd:session): session closed for user ivan Mar 28 17:12:53 debian3 sshd[10349]: pam_unix(sshd:session): session closed for user root Mar 28 17:13:03 debian3 sshd[11968]: pam_unix(sshd:session): session closed for user user Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session closed for user root Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session closed for user root Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session closed for user root Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session closed for user root Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session closed for user root Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session closed for user root Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session closed for user root Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session closed for user root Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session 
opened for user root by (uid=0) Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session closed for user root Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session closed for user root Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session closed for user root Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session closed for user root Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session closed for user root Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session closed for user root Mar 29 06:25:01 debian3 CRON[14242]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 06:25:02 debian3 su[14341]: Successful su for nobody by root Mar 29 06:25:02 debian3 su[14341]: + ??? root:nobody Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session closed for user nobody Mar 29 06:25:02 debian3 su[14343]: Successful su for nobody by root Mar 29 06:25:02 debian3 su[14343]: + ??? root:nobody Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session closed for user nobody Mar 29 06:25:02 debian3 su[14345]: Successful su for nobody by root Mar 29 06:25:02 debian3 su[14345]: + ??? 
root:nobody Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session closed for user nobody Mar 29 06:25:03 debian3 CRON[14242]: pam_unix(cron:session): session closed for user root Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session closed for user root Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session closed for user root Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session closed for user root Mar 29 09:41:48 debian3 sshd[14417]: Accepted password for root from 192.168.16.187 port 49228 ssh2 Mar 29 09:41:48 debian3 sshd[14417]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session closed for user root Mar 29 10:54:13 debian3 login[15706]: pam_unix(login:session): session opened for user user by (uid=0) Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session closed for user root Mar 29 11:54:12 debian3 sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=user Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): conversation failed Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): auth could not identify password for [user] Mar 29 11:54:31 debian3 sudo: user : 2 incorrect password attempts ; TTY=pts/2 ; PWD=/etc/cron.daily ; USER=root ; COMMAND=/usr/bin/updatedb 
Mar 29 11:57:39 debian3 su[17590]: Successful su for root by user Mar 29 11:57:39 debian3 su[17590]: + /dev/pts/2 user:root Mar 29 11:57:39 debian3 su[17590]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 29 11:57:44 debian3 su[17590]: pam_unix(su:session): session closed for user root Mar 29 11:59:58 debian3 login[15706]: pam_unix(login:session): session closed for user user Mar 29 12:03:04 debian3 sshd[17862]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2 Mar 29 12:03:04 debian3 sshd[17862]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 29 12:06:00 debian3 sshd[17862]: pam_unix(sshd:session): session closed for user ivan Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session closed for user root Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session closed for user root Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session closed for user root Mar 29 14:33:23 debian3 useradd[20008]: new group: name=anna, GID=1003 Mar 29 14:33:23 debian3 useradd[20008]: new user: name=anna, UID=1003, GID=1003, home=/home/anna, shell=/bin/sh Mar 29 14:37:28 debian3 usermod[20066]: change user 'user' shell from '/bin/bash' to '/bin/sh' Mar 29 14:37:28 debian3 usermod[20071]: change user 'ivan' shell from '/bin/bash' to '/bin/sh' Mar 29 14:37:28 debian3 usermod[20076]: change user 'petr' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:20 debian3 usermod[20118]: change user 'user' shell from '/bin/sh' to '/bin/bash' Mar 29 14:41:20 debian3 usermod[20123]: change user 'ivan' shell from '/bin/sh' to '/bin/bash' Mar 29 14:41:20 debian3 usermod[20128]: change user 'petr' shell from 
'/bin/sh' to '/bin/bash' Mar 29 14:41:20 debian3 usermod[20133]: change user 'anna' shell from '/bin/sh' to '/bin/bash' Mar 29 14:41:41 debian3 usermod[20142]: change user 'user' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:41 debian3 usermod[20147]: change user 'ivan' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:41 debian3 usermod[20152]: change user 'petr' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:41 debian3 usermod[20157]: change user 'anna' shell from '/bin/bash' to '/bin/sh' Mar 29 14:45:05 debian3 usermod[20166]: change user 'user' shell from '/bin/sh' to '/bin/bash' Mar 29 14:45:05 debian3 usermod[20171]: change user 'ivan' shell from '/bin/sh' to '/bin/bash' Mar 29 14:45:05 debian3 usermod[20176]: change user 'petr' shell from '/bin/sh' to '/bin/bash' Mar 29 14:45:05 debian3 usermod[20181]: change user 'anna' shell from '/bin/sh' to '/bin/bash' Mar 29 15:00:59 debian3 usermod[20477]: change user 'user' shell from '/bin/bash' to '/bin/sh' Mar 29 15:00:59 debian3 usermod[20482]: change user 'ivan' shell from '/bin/bash' to '/bin/sh' Mar 29 15:00:59 debian3 usermod[20487]: change user 'petr' shell from '/bin/bash' to '/bin/sh' Mar 29 15:00:59 debian3 usermod[20492]: change user 'anna' shell from '/bin/bash' to '/bin/sh' Mar 29 15:01:02 debian3 usermod[20508]: change user 'user' shell from '/bin/sh' to '/bin/bash' Mar 29 15:01:02 debian3 usermod[20513]: change user 'ivan' shell from '/bin/sh' to '/bin/bash' Mar 29 15:01:02 debian3 usermod[20518]: change user 'petr' shell from '/bin/sh' to '/bin/bash' Mar 29 15:01:02 debian3 usermod[20523]: change user 'anna' shell from '/bin/sh' to '/bin/bash' Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session closed for user root Mar 29 15:48:46 debian3 sshd[24308]: Accepted password for ivan from 192.168.16.187 port 49738 ssh2 Mar 29 15:48:46 debian3 sshd[24308]: pam_unix(sshd:session): session 
opened for user ivan by (uid=0) Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session closed for user root Mar 29 16:20:37 debian3 su[8879]: Successful su for ivan by root Mar 29 16:20:37 debian3 su[8879]: + /dev/pts/0 root:ivan Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session opened for user ivan by root(uid=0) Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session closed for user ivan Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session closed for user root Mar 29 17:25:12 debian3 su[9088]: No passwd entry for user 'matrix.jpg' Mar 29 17:25:12 debian3 su[9088]: FAILED su for matrix.jpg by ivan Mar 29 17:25:12 debian3 su[9088]: - /dev/pts/1 ivan:matrix.jpg Mar 29 17:25:26 debian3 su[9089]: Successful su for root by ivan Mar 29 17:25:26 debian3 su[9089]: + /dev/pts/1 ivan:root Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session opened for user root by ivan(uid=1001) Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session closed for user root Mar 29 17:31:46 debian3 sshd[24308]: pam_unix(sshd:session): session closed for user ivan Mar 29 17:31:47 debian3 sshd[14417]: pam_unix(sshd:session): session closed for user root Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session closed for user root Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session closed for user root Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session closed for user root Mar 29 21:17:01 debian3 
CRON[9145]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 21:17:01 debian3 CRON[9145]: pam_unix(cron:session): session closed for user root Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session closed for user root Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session closed for user root Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session closed for user root Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session closed for user root Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session closed for user root Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session closed for user root Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session closed for user root Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session closed for user root Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session closed for user root Mar 30 06:25:01 debian3 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 06:25:02 debian3 su[9284]: 
Successful su for nobody by root Mar 30 06:25:02 debian3 su[9284]: + ??? root:nobody Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session closed for user nobody Mar 30 06:25:02 debian3 su[9286]: Successful su for nobody by root Mar 30 06:25:02 debian3 su[9286]: + ??? root:nobody Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session closed for user nobody Mar 30 06:25:02 debian3 su[9288]: Successful su for nobody by root Mar 30 06:25:02 debian3 su[9288]: + ??? root:nobody Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session closed for user nobody Mar 30 06:25:03 debian3 CRON[9212]: pam_unix(cron:session): session closed for user root Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session closed for user root Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session closed for user root Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session closed for user root Mar 30 09:38:59 debian3 sshd[9367]: Accepted password for root from 192.168.16.187 port 49218 ssh2 Mar 30 09:38:59 debian3 sshd[9367]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 09:45:32 debian3 sshd[9423]: Accepted password for ivan from 192.168.16.187 port 49228 ssh2 Mar 30 09:45:32 debian3 sshd[9423]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 09:55:45 debian3 chfn[9628]: changed user 'ivan' information 
Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session closed for user root Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/group: name=developers, GID=1004 Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/gshadow: name=developers Mar 30 10:31:06 debian3 groupadd[9863]: new group: name=developers, GID=1004 Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to group 'developers' Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to shadow group 'developers' Mar 30 10:37:09 debian3 gpasswd[9960]: user petr added by root to group developers Mar 30 10:40:06 debian3 gpasswd[10011]: administrators of group developers set by root to anna Mar 30 10:45:09 debian3 passwd[10097]: password for 'ivan' changed by 'root' Mar 30 10:45:15 debian3 passwd[10116]: password for 'ivan' changed by 'root' Mar 30 10:45:43 debian3 passwd[10142]: password for 'ivan' changed by 'root' Mar 30 10:45:46 debian3 passwd[10154]: password for 'ivan' changed by 'root' Mar 30 10:46:58 debian3 passwd[10166]: password for 'ivan' changed by 'root' Mar 30 10:47:10 debian3 passwd[10185]: password for 'ivan' changed by 'root' Mar 30 11:05:04 debian3 sshd[10324]: Accepted password for ivan from 127.0.0.1 port 44192 ssh2 Mar 30 11:05:04 debian3 sshd[10324]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 11:05:55 debian3 sshd[10326]: Received disconnect from 127.0.0.1: 11: disconnected by user Mar 30 11:05:55 debian3 sshd[10324]: pam_unix(sshd:session): session closed for user ivan Mar 30 11:06:16 debian3 sshd[10646]: Accepted password for ivan from 127.0.0.1 port 44194 ssh2 Mar 30 11:06:16 debian3 sshd[10646]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 11:06:55 debian3 sshd[10648]: Received disconnect from 127.0.0.1: 11: disconnected by user Mar 30 11:06:55 debian3 sshd[10646]: pam_unix(sshd:session): session closed for user 
ivan Mar 30 11:10:18 debian3 sshd[11024]: Accepted password for petr from 192.168.16.187 port 49352 ssh2 Mar 30 11:10:18 debian3 sshd[11024]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 30 11:10:54 debian3 sshd[11024]: pam_unix(sshd:session): session closed for user petr Mar 30 11:12:35 debian3 sshd[11109]: User petr not allowed because shell /usr/bin/tmux -l /bin/bash does not exist Mar 30 11:12:35 debian3 sshd[11109]: input_userauth_request: invalid user petr [preauth] Mar 30 11:12:37 debian3 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr Mar 30 11:12:40 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2 Mar 30 11:12:46 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2 Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session closed for user root Mar 30 11:35:15 debian3 su[11519]: No passwd entry for user 'd1/temp.txt' Mar 30 11:35:15 debian3 su[11519]: FAILED su for d1/temp.txt by ivan Mar 30 11:35:15 debian3 su[11519]: - /dev/pts/1 ivan:d1/temp.txt Mar 30 11:35:22 debian3 su[11520]: Successful su for root by ivan Mar 30 11:35:22 debian3 su[11520]: + /dev/pts/1 ivan:root Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session opened for user root by ivan(uid=1001) Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session closed for user root Mar 30 12:13:55 debian3 sshd[9423]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:14:03 debian3 sshd[11771]: Accepted password for ivan from 192.168.16.187 port 49379 ssh2 Mar 30 12:14:03 debian3 sshd[11771]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:17:01 debian3 CRON[11864]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 12:17:01 debian3 
CRON[11864]: pam_unix(cron:session): session closed for user root Mar 30 12:20:26 debian3 sshd[9367]: pam_unix(sshd:session): session closed for user root Mar 30 12:20:33 debian3 sshd[11888]: Accepted password for root from 192.168.16.187 port 49383 ssh2 Mar 30 12:20:33 debian3 sshd[11888]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:27:04 debian3 sshd[11888]: pam_unix(sshd:session): session closed for user root Mar 30 12:27:11 debian3 sshd[12153]: Accepted password for root from 192.168.16.187 port 49385 ssh2 Mar 30 12:27:11 debian3 sshd[12153]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:27:40 debian3 sshd[12269]: Accepted password for petr from 192.168.16.187 port 49386 ssh2 Mar 30 12:27:40 debian3 sshd[12269]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 30 12:27:44 debian3 sshd[12269]: pam_unix(sshd:session): session closed for user petr Mar 30 12:27:51 debian3 sshd[12278]: Accepted password for ivan from 192.168.16.187 port 49387 ssh2 Mar 30 12:27:51 debian3 sshd[12278]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:28:29 debian3 sshd[12278]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:28:35 debian3 sshd[12371]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2 Mar 30 12:28:35 debian3 sshd[12371]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:28:43 debian3 sshd[12371]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:29:05 debian3 sshd[12457]: Accepted password for ivan from 192.168.16.187 port 49389 ssh2 Mar 30 12:29:05 debian3 sshd[12457]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:30:39 debian3 sshd[12457]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:30:46 debian3 sshd[12553]: Accepted password for ivan from 192.168.16.187 port 49391 ssh2 Mar 30 12:30:46 debian3 sshd[12553]: pam_unix(sshd:session): session opened for user 
ivan by (uid=0) Mar 30 12:32:37 debian3 sshd[12553]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:32:43 debian3 sshd[12670]: Failed password for ivan from 192.168.16.187 port 49392 ssh2 Mar 30 12:32:43 debian3 sshd[12670]: fatal: Access denied for user ivan by PAM account configuration [preauth] Mar 30 12:33:27 debian3 sshd[12680]: Accepted password for ivan from 192.168.16.187 port 49393 ssh2 Mar 30 12:33:27 debian3 sshd[12680]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:33:45 debian3 sudo: ivan : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/ivan ; USER=root ; COMMAND=/bin/login ivan Mar 30 12:33:52 debian3 sshd[12680]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:33:58 debian3 sshd[12784]: Accepted password for root from 192.168.16.187 port 49394 ssh2 Mar 30 12:33:58 debian3 sshd[12784]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:34:04 debian3 login[12831]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure Mar 30 12:34:15 debian3 login[12831]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'petr', Authentication failure Mar 30 12:34:17 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! Mar 30 12:34:19 debian3 login[12831]: FAILED LOGIN (3) on '/dev/pts/5' FOR 'root', Authentication failure Mar 30 12:34:23 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! Mar 30 12:34:27 debian3 login[12831]: FAILED LOGIN (4) on '/dev/pts/5' FOR 'root', Authentication failure Mar 30 12:34:32 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! 
Mar 30 12:34:34 debian3 login[12831]: FAILED LOGIN (5) on '/dev/pts/5' FOR 'root', Authentication failure Mar 30 12:34:34 debian3 login[12831]: TOO MANY LOGIN TRIES (5) on '/dev/pts/5' FOR 'root' Mar 30 12:34:34 debian3 login[12831]: pam_mail(login:session): pam_putenv: delete non-existent entry; MAIL Mar 30 12:34:34 debian3 login[12831]: pam_unix(login:session): session closed for user root Mar 30 12:35:02 debian3 sshd[12848]: Accepted password for root from 192.168.16.187 port 49396 ssh2 Mar 30 12:35:02 debian3 sshd[12848]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:35:07 debian3 sshd[12848]: pam_unix(sshd:session): session closed for user root Mar 30 12:36:14 debian3 login[12911]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'user', Authentication failure Mar 30 12:36:16 debian3 login[12911]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! Mar 30 12:36:19 debian3 login[12911]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module Mar 30 12:36:36 debian3 sshd[12784]: pam_unix(sshd:session): session closed for user root Mar 30 12:36:44 debian3 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=user Mar 30 12:36:46 debian3 sshd[12920]: Failed password for user from 192.168.16.187 port 49398 ssh2 Mar 30 12:36:48 debian3 sshd[12920]: Accepted password for user from 192.168.16.187 port 49398 ssh2 Mar 30 12:36:48 debian3 sshd[12920]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 30 12:37:31 debian3 su[12970]: Successful su for root by user Mar 30 12:37:31 debian3 su[12970]: + /dev/pts/5 user:root Mar 30 12:37:31 debian3 su[12970]: pam_unix(su:session): session opened for user root by user(uid=1000) Mar 30 13:17:01 debian3 CRON[13088]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 13:17:01 debian3 CRON[13088]: pam_unix(cron:session): session closed for user 
root Mar 30 13:45:38 debian3 login[13102]: pam_unix(login:auth): authentication failure; logname=user uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=news Mar 30 13:45:41 debian3 login[13102]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'news', Authentication failure Mar 30 13:46:43 debian3 passwd[13107]: pam_unix(passwd:chauthtok): password changed for news Mar 30 13:46:49 debian3 login[13108]: pam_unix(login:session): session opened for user news by user(uid=0) Mar 30 13:47:54 debian3 login[13108]: pam_unix(login:session): session closed for user news Mar 30 13:50:56 debian3 login[13114]: pam_unix(login:auth): authentication failure; logname=user uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=news Mar 30 13:50:59 debian3 login[13114]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'news', Authentication failure Mar 30 14:17:01 debian3 CRON[13259]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 14:17:01 debian3 CRON[13259]: pam_unix(cron:session): session closed for user root Mar 30 14:27:24 debian3 sshd[12153]: pam_unix(sshd:session): session closed for user root Mar 30 14:27:30 debian3 su[12970]: pam_unix(su:session): session closed for user root Mar 30 14:27:30 debian3 sshd[12920]: pam_unix(sshd:session): session closed for user user Mar 30 14:27:34 debian3 sshd[11771]: pam_unix(sshd:session): session closed for user ivan Mar 30 14:30:00 debian3 sshd[13354]: Accepted password for root from 192.168.16.187 port 49687 ssh2 Mar 30 14:30:00 debian3 sshd[13354]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 14:31:25 debian3 sshd[13354]: pam_unix(sshd:session): session closed for user root Mar 30 15:12:09 debian3 sshd[13442]: Accepted password for root from 192.168.16.187 port 49735 ssh2 Mar 30 15:12:09 debian3 sshd[13442]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:13:04 debian3 sshd[13494]: Accepted password for root from 192.168.16.166 port 43964 ssh2 Mar 30 15:13:04 debian3 sshd[13494]: 
pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:13:05 debian3 sshd[13494]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:13:05 debian3 sshd[13494]: pam_unix(sshd:session): session closed for user root Mar 30 15:17:01 debian3 CRON[13635]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 15:17:01 debian3 CRON[13635]: pam_unix(cron:session): session closed for user root Mar 30 15:17:40 debian3 sshd[13654]: Accepted password for root from 192.168.16.166 port 43965 ssh2 Mar 30 15:17:40 debian3 sshd[13654]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:17:40 debian3 sshd[13654]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:17:40 debian3 sshd[13654]: pam_unix(sshd:session): session closed for user root Mar 30 15:37:22 debian3 sshd[13713]: Connection closed by 192.168.16.166 [preauth] Mar 30 15:37:37 debian3 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.166 user=root Mar 30 15:37:40 debian3 sshd[13715]: Failed password for root from 192.168.16.166 port 56958 ssh2 Mar 30 15:37:42 debian3 sshd[13715]: Accepted password for root from 192.168.16.166 port 56958 ssh2 Mar 30 15:37:42 debian3 sshd[13715]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:37:42 debian3 sshd[13715]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:37:42 debian3 sshd[13715]: pam_unix(sshd:session): session closed for user root Mar 30 15:39:02 debian3 sshd[13718]: Accepted password for root from 192.168.16.166 port 56959 ssh2 Mar 30 15:39:02 debian3 sshd[13718]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:39:03 debian3 sshd[13718]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:39:03 debian3 sshd[13718]: pam_unix(sshd:session): session closed for user root Mar 30 15:41:07 debian3 sshd[13729]: 
Accepted password for root from 192.168.16.166 port 56960 ssh2 Mar 30 15:41:07 debian3 sshd[13729]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:41:07 debian3 sshd[13729]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:41:07 debian3 sshd[13729]: pam_unix(sshd:session): session closed for user root Mar 30 15:42:51 debian3 sshd[13748]: Accepted password for root from 192.168.16.166 port 56961 ssh2 Mar 30 15:42:51 debian3 sshd[13748]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:42:51 debian3 sshd[13748]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:42:51 debian3 sshd[13748]: pam_unix(sshd:session): session closed for user root Mar 30 16:17:01 debian3 CRON[13768]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 16:17:01 debian3 CRON[13768]: pam_unix(cron:session): session closed for user root Mar 30 17:17:01 debian3 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 17:17:01 debian3 CRON[13775]: pam_unix(cron:session): session closed for user root Mar 30 17:19:12 debian3 sshd[13442]: pam_unix(sshd:session): session closed for user root Mar 30 18:17:01 debian3 CRON[13785]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 18:17:01 debian3 CRON[13785]: pam_unix(cron:session): session closed for user root Mar 30 19:17:01 debian3 CRON[13792]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 19:17:01 debian3 CRON[13792]: pam_unix(cron:session): session closed for user root Mar 30 20:17:01 debian3 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 20:17:01 debian3 CRON[13799]: pam_unix(cron:session): session closed for user root Mar 30 21:17:01 debian3 CRON[13806]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 21:17:01 debian3 CRON[13806]: pam_unix(cron:session): session closed for user root Mar 30 
22:17:01 debian3 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 22:17:01 debian3 CRON[13813]: pam_unix(cron:session): session closed for user root Mar 30 23:17:01 debian3 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 23:17:01 debian3 CRON[13820]: pam_unix(cron:session): session closed for user root Mar 31 00:17:01 debian3 CRON[13827]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 00:17:01 debian3 CRON[13827]: pam_unix(cron:session): session closed for user root Mar 31 01:17:01 debian3 CRON[13834]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 01:17:01 debian3 CRON[13834]: pam_unix(cron:session): session closed for user root Mar 31 02:17:01 debian3 CRON[13841]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 02:17:01 debian3 CRON[13841]: pam_unix(cron:session): session closed for user root Mar 31 03:17:01 debian3 CRON[13848]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 03:17:01 debian3 CRON[13848]: pam_unix(cron:session): session closed for user root Mar 31 04:17:01 debian3 CRON[13855]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 04:17:01 debian3 CRON[13855]: pam_unix(cron:session): session closed for user root Mar 31 05:17:01 debian3 CRON[13862]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 05:17:01 debian3 CRON[13862]: pam_unix(cron:session): session closed for user root Mar 31 06:17:01 debian3 CRON[13869]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 06:17:01 debian3 CRON[13869]: pam_unix(cron:session): session closed for user root Mar 31 06:25:01 debian3 CRON[13872]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 06:25:02 debian3 su[13944]: Successful su for nobody by root Mar 31 06:25:02 debian3 su[13944]: + ??? 
root:nobody Mar 31 06:25:02 debian3 su[13944]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 31 06:25:02 debian3 su[13944]: pam_unix(su:session): session closed for user nobody Mar 31 06:25:02 debian3 su[13946]: Successful su for nobody by root Mar 31 06:25:02 debian3 su[13946]: + ??? root:nobody Mar 31 06:25:02 debian3 su[13946]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 31 06:25:02 debian3 su[13946]: pam_unix(su:session): session closed for user nobody Mar 31 06:25:02 debian3 su[13948]: Successful su for nobody by root Mar 31 06:25:02 debian3 su[13948]: + ??? root:nobody Mar 31 06:25:02 debian3 su[13948]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 31 06:25:02 debian3 su[13948]: pam_unix(su:session): session closed for user nobody Mar 31 06:25:03 debian3 CRON[13872]: pam_unix(cron:session): session closed for user root Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session closed for user root Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session closed for user root Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session closed for user root Mar 31 09:20:04 debian3 sshd[14025]: Accepted password for root from 192.168.16.187 port 49239 ssh2 Mar 31 09:20:04 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 31 09:55:23 debian3 sshd[14222]: Accepted password for ivan from 192.168.16.187 port 49257 ssh2 Mar 31 09:55:23 debian3 sshd[14222]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 31 10:11:01 debian3 passwd[14306]: pam_unix(passwd:chauthtok): authentication failure; logname=ivan uid=1001 euid=0 
tty= ruser= rhost= user=ivan Mar 31 10:17:01 debian3 CRON[14580]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 10:17:01 debian3 CRON[14580]: pam_unix(cron:session): session closed for user root Mar 31 11:17:01 debian3 CRON[15074]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 11:17:01 debian3 CRON[15074]: pam_unix(cron:session): session closed for user root Mar 31 11:57:07 debian3 login[15795]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=ivan Mar 31 11:57:10 debian3 login[15795]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure Mar 31 11:58:07 debian3 login[15805]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=ivan Mar 31 11:58:10 debian3 login[15805]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure Mar 31 11:58:17 debian3 login[15805]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! 
Mar 31 11:58:19 debian3 login[15805]: pam_unix(login:auth): check pass; user unknown Mar 31 11:58:19 debian3 login[15805]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= Mar 31 11:58:22 debian3 login[15805]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105 Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105 Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information
Mar 31 14:22:55 debian3 user: Error!!!!
Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 31 07:17:01 debian3 /USR/SBIN/CRON[14009]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 08:17:01 debian3 /USR/SBIN/CRON[14016]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 09:17:01 debian3 /USR/SBIN/CRON[14023]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 10:17:01 debian3 /USR/SBIN/CRON[14581]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 11:17:01 debian3 /USR/SBIN/CRON[15075]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 12:17:01 debian3 /USR/SBIN/CRON[15975]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 13:17:01 debian3 /USR/SBIN/CRON[16006]: (root) CMD ( cd / && run-parts --report /etc/cron.hourly) Mar 31 13:49:06 debian3 /usr/sbin/cron[16183]: (CRON) INFO (pidfile fd = 3) Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) STARTUP (fork ok) Mar 31 13:49:06 debian3 /usr/sbin/cron[16184]: (CRON) INFO (Skipping @reboot jobs -- not system startup)
Mar 28 06:25:05 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 29 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 30 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed Mar 31 06:25:03 debian3 rsyslogd: [origin software="rsyslogd" swVersion="5.8.11" x-pid="1870" x-info="http://www.rsyslog.com"] rsyslogd was HUPed
Mar 28 06:25:05 debian3 CRON[7438]: pam_unix(cron:session): session closed for user root Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 07:17:01 debian3 CRON[7631]: pam_unix(cron:session): session closed for user root Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 08:17:01 debian3 CRON[7638]: pam_unix(cron:session): session closed for user root Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 09:17:01 debian3 CRON[7645]: pam_unix(cron:session): session closed for user root Mar 28 09:17:28 debian3 sshd[7648]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=root Mar 28 09:17:30 debian3 sshd[7648]: Failed password for root from 192.168.16.187 port 49236 ssh2 Mar 28 09:17:34 debian3 sshd[7648]: Accepted password for root from 192.168.16.187 port 49236 ssh2 Mar 28 09:17:34 debian3 sshd[7648]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 28 09:24:45 debian3 sshd[7695]: Accepted password for user from 192.168.16.187 port 49242 ssh2 Mar 28 09:24:45 debian3 sshd[7695]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 28 09:27:14 debian3 su[7891]: Successful su for root by user Mar 28 09:27:14 debian3 su[7891]: + /dev/pts/2 user:root Mar 28 09:27:14 debian3 su[7891]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:27:28 debian3 su[7891]: pam_unix(su:session): session closed for user root Mar 28 09:27:40 debian3 su[8227]: pam_unix(su:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=root Mar 28 09:27:42 debian3 su[8227]: pam_authenticate: Authentication failure Mar 28 09:27:42 debian3 su[8227]: FAILED su for root by user Mar 28 09:27:42 debian3 su[8227]: - /dev/pts/2 user:root Mar 28 09:27:53 debian3 su[8235]: Successful su for 
root by user Mar 28 09:27:53 debian3 su[8235]: + /dev/pts/2 user:root Mar 28 09:27:53 debian3 su[8235]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:27:59 debian3 su[8235]: pam_unix(su:session): session closed for user root Mar 28 09:33:16 debian3 sudo: user : user NOT in sudoers ; TTY=pts/2 ; PWD=/etc ; USER=root ; COMMAND=/bin/chmod 755 screenrc Mar 28 09:33:24 debian3 su[8705]: No passwd entry for user '755' Mar 28 09:33:24 debian3 su[8705]: FAILED su for 755 by user Mar 28 09:33:24 debian3 su[8705]: - /dev/pts/2 user:755 Mar 28 09:33:45 debian3 su[8713]: Successful su for root by user Mar 28 09:33:45 debian3 su[8713]: + /dev/pts/2 user:root Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:33:45 debian3 su[8713]: pam_unix(su:session): session closed for user root Mar 28 09:34:22 debian3 su[8756]: Successful su for root by user Mar 28 09:34:22 debian3 su[8756]: + /dev/pts/2 user:root Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 28 09:34:22 debian3 su[8756]: pam_unix(su:session): session closed for user root Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 10:17:01 debian3 CRON[8901]: pam_unix(cron:session): session closed for user root Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 11:17:01 debian3 CRON[9404]: pam_unix(cron:session): session closed for user root Mar 28 11:28:18 debian3 sshd[7648]: pam_unix(sshd:session): session closed for user root Mar 28 11:28:26 debian3 sshd[9544]: Accepted password for root from 192.168.16.187 port 49747 ssh2 Mar 28 11:28:26 debian3 sshd[9544]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 28 11:53:47 debian3 sshd[7695]: pam_unix(sshd:session): session closed for user user Mar 28 11:53:59 debian3 sshd[9806]: Invalid user acharnosh from 
192.168.16.187 Mar 28 11:53:59 debian3 sshd[9806]: input_userauth_request: invalid user acharnosh [preauth] Mar 28 11:54:03 debian3 sshd[9806]: Received disconnect from 192.168.16.187: 13: Unable to authenticate [preauth] Mar 28 11:54:31 debian3 sshd[9808]: Connection closed by 192.168.16.187 [preauth] Mar 28 11:54:40 debian3 sshd[9810]: Accepted password for ivan from 192.168.16.187 port 49768 ssh2 Mar 28 11:54:40 debian3 sshd[9810]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 11:54:49 debian3 sshd[9810]: pam_unix(sshd:session): session closed for user ivan Mar 28 11:55:19 debian3 sshd[9896]: Accepted password for ivan from 192.168.16.187 port 49769 ssh2 Mar 28 11:55:19 debian3 sshd[9896]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 11:57:32 debian3 sshd[9896]: pam_unix(sshd:session): session closed for user ivan Mar 28 11:57:45 debian3 sshd[10088]: Connection closed by 192.168.16.187 [preauth] Mar 28 11:58:46 debian3 sshd[10090]: Accepted password for ivan from 192.168.16.187 port 49773 ssh2 Mar 28 11:58:46 debian3 sshd[10090]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 12:01:49 debian3 sshd[10090]: pam_unix(sshd:session): session closed for user ivan Mar 28 12:02:11 debian3 sshd[10215]: Accepted password for ivan from 192.168.16.187 port 49774 ssh2 Mar 28 12:02:11 debian3 sshd[10215]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 12:16:20 debian3 sshd[10349]: Accepted password for root from 192.168.16.187 port 49785 ssh2 Mar 28 12:16:20 debian3 sshd[10349]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 12:17:01 debian3 CRON[10415]: pam_unix(cron:session): session closed for user root Mar 28 13:17:01 debian3 CRON[10953]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 13:17:01 debian3 CRON[10953]: 
pam_unix(cron:session): session closed for user root Mar 28 13:38:46 debian3 sshd[11037]: Connection closed by 192.168.16.187 [preauth] Mar 28 13:39:46 debian3 sshd[11039]: Accepted password for petr from 192.168.16.187 port 49812 ssh2 Mar 28 13:39:46 debian3 sshd[11039]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 28 13:40:17 debian3 sshd[9544]: pam_unix(sshd:session): session closed for user root Mar 28 13:53:26 debian3 sshd[11039]: pam_unix(sshd:session): session closed for user petr Mar 28 14:00:09 debian3 sshd[11820]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr Mar 28 14:00:10 debian3 sshd[11820]: Failed password for petr from 192.168.16.187 port 49885 ssh2 Mar 28 14:00:14 debian3 sshd[11820]: Accepted password for petr from 192.168.16.187 port 49885 ssh2 Mar 28 14:00:14 debian3 sshd[11820]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 14:17:01 debian3 CRON[11946]: pam_unix(cron:session): session closed for user root Mar 28 14:24:00 debian3 sshd[11820]: pam_unix(sshd:session): session closed for user petr Mar 28 14:25:48 debian3 sshd[10215]: pam_unix(sshd:session): session closed for user ivan Mar 28 14:26:09 debian3 sshd[11968]: Accepted password for user from 192.168.16.187 port 49901 ssh2 Mar 28 14:26:09 debian3 sshd[11968]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 15:17:01 debian3 CRON[12937]: pam_unix(cron:session): session closed for user root Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 16:17:01 debian3 CRON[13873]: pam_unix(cron:session): session closed for user root Mar 28 17:06:48 debian3 sshd[14025]: Accepted password for ivan from 
192.168.16.187 port 50084 ssh2 Mar 28 17:06:48 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 28 17:06:57 debian3 sshd[14025]: pam_unix(sshd:session): session closed for user ivan Mar 28 17:12:53 debian3 sshd[10349]: pam_unix(sshd:session): session closed for user root Mar 28 17:13:03 debian3 sshd[11968]: pam_unix(sshd:session): session closed for user user Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 17:17:01 debian3 CRON[14148]: pam_unix(cron:session): session closed for user root Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 18:17:01 debian3 CRON[14155]: pam_unix(cron:session): session closed for user root Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 19:17:01 debian3 CRON[14162]: pam_unix(cron:session): session closed for user root Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 20:17:01 debian3 CRON[14169]: pam_unix(cron:session): session closed for user root Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 21:17:01 debian3 CRON[14176]: pam_unix(cron:session): session closed for user root Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 22:17:01 debian3 CRON[14183]: pam_unix(cron:session): session closed for user root Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 28 23:17:01 debian3 CRON[14190]: pam_unix(cron:session): session closed for user root Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 00:17:01 debian3 CRON[14197]: pam_unix(cron:session): session closed for user root Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session 
opened for user root by (uid=0) Mar 29 01:17:01 debian3 CRON[14204]: pam_unix(cron:session): session closed for user root Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 02:17:01 debian3 CRON[14211]: pam_unix(cron:session): session closed for user root Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 03:17:01 debian3 CRON[14218]: pam_unix(cron:session): session closed for user root Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 04:17:01 debian3 CRON[14225]: pam_unix(cron:session): session closed for user root Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 05:17:01 debian3 CRON[14232]: pam_unix(cron:session): session closed for user root Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 06:17:01 debian3 CRON[14239]: pam_unix(cron:session): session closed for user root Mar 29 06:25:01 debian3 CRON[14242]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 06:25:02 debian3 su[14341]: Successful su for nobody by root Mar 29 06:25:02 debian3 su[14341]: + ??? root:nobody Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 29 06:25:02 debian3 su[14341]: pam_unix(su:session): session closed for user nobody Mar 29 06:25:02 debian3 su[14343]: Successful su for nobody by root Mar 29 06:25:02 debian3 su[14343]: + ??? root:nobody Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 29 06:25:02 debian3 su[14343]: pam_unix(su:session): session closed for user nobody Mar 29 06:25:02 debian3 su[14345]: Successful su for nobody by root Mar 29 06:25:02 debian3 su[14345]: + ??? 
root:nobody Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 29 06:25:02 debian3 su[14345]: pam_unix(su:session): session closed for user nobody Mar 29 06:25:03 debian3 CRON[14242]: pam_unix(cron:session): session closed for user root Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 07:17:01 debian3 CRON[14398]: pam_unix(cron:session): session closed for user root Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 08:17:01 debian3 CRON[14405]: pam_unix(cron:session): session closed for user root Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 09:17:01 debian3 CRON[14412]: pam_unix(cron:session): session closed for user root Mar 29 09:41:48 debian3 sshd[14417]: Accepted password for root from 192.168.16.187 port 49228 ssh2 Mar 29 09:41:48 debian3 sshd[14417]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 10:17:01 debian3 CRON[14836]: pam_unix(cron:session): session closed for user root Mar 29 10:54:13 debian3 login[15706]: pam_unix(login:session): session opened for user user by (uid=0) Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 11:17:01 debian3 CRON[17444]: pam_unix(cron:session): session closed for user root Mar 29 11:54:12 debian3 sudo: pam_unix(sudo:auth): authentication failure; logname= uid=1000 euid=0 tty=/dev/pts/2 ruser=user rhost= user=user Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): conversation failed Mar 29 11:54:31 debian3 sudo: pam_unix(sudo:auth): auth could not identify password for [user] Mar 29 11:54:31 debian3 sudo: user : 2 incorrect password attempts ; TTY=pts/2 ; PWD=/etc/cron.daily ; USER=root ; COMMAND=/usr/bin/updatedb 
Mar 29 11:57:39 debian3 su[17590]: Successful su for root by user Mar 29 11:57:39 debian3 su[17590]: + /dev/pts/2 user:root Mar 29 11:57:39 debian3 su[17590]: pam_unix(su:session): session opened for user root by (uid=1000) Mar 29 11:57:44 debian3 su[17590]: pam_unix(su:session): session closed for user root Mar 29 11:59:58 debian3 login[15706]: pam_unix(login:session): session closed for user user Mar 29 12:03:04 debian3 sshd[17862]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2 Mar 29 12:03:04 debian3 sshd[17862]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 29 12:06:00 debian3 sshd[17862]: pam_unix(sshd:session): session closed for user ivan Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 12:17:01 debian3 CRON[18269]: pam_unix(cron:session): session closed for user root Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 13:17:01 debian3 CRON[19407]: pam_unix(cron:session): session closed for user root Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 14:17:02 debian3 CRON[19810]: pam_unix(cron:session): session closed for user root Mar 29 14:33:23 debian3 useradd[20008]: new group: name=anna, GID=1003 Mar 29 14:33:23 debian3 useradd[20008]: new user: name=anna, UID=1003, GID=1003, home=/home/anna, shell=/bin/sh Mar 29 14:37:28 debian3 usermod[20066]: change user 'user' shell from '/bin/bash' to '/bin/sh' Mar 29 14:37:28 debian3 usermod[20071]: change user 'ivan' shell from '/bin/bash' to '/bin/sh' Mar 29 14:37:28 debian3 usermod[20076]: change user 'petr' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:20 debian3 usermod[20118]: change user 'user' shell from '/bin/sh' to '/bin/bash' Mar 29 14:41:20 debian3 usermod[20123]: change user 'ivan' shell from '/bin/sh' to '/bin/bash' Mar 29 14:41:20 debian3 usermod[20128]: change user 'petr' shell from 
'/bin/sh' to '/bin/bash' Mar 29 14:41:20 debian3 usermod[20133]: change user 'anna' shell from '/bin/sh' to '/bin/bash' Mar 29 14:41:41 debian3 usermod[20142]: change user 'user' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:41 debian3 usermod[20147]: change user 'ivan' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:41 debian3 usermod[20152]: change user 'petr' shell from '/bin/bash' to '/bin/sh' Mar 29 14:41:41 debian3 usermod[20157]: change user 'anna' shell from '/bin/bash' to '/bin/sh' Mar 29 14:45:05 debian3 usermod[20166]: change user 'user' shell from '/bin/sh' to '/bin/bash' Mar 29 14:45:05 debian3 usermod[20171]: change user 'ivan' shell from '/bin/sh' to '/bin/bash' Mar 29 14:45:05 debian3 usermod[20176]: change user 'petr' shell from '/bin/sh' to '/bin/bash' Mar 29 14:45:05 debian3 usermod[20181]: change user 'anna' shell from '/bin/sh' to '/bin/bash' Mar 29 15:00:59 debian3 usermod[20477]: change user 'user' shell from '/bin/bash' to '/bin/sh' Mar 29 15:00:59 debian3 usermod[20482]: change user 'ivan' shell from '/bin/bash' to '/bin/sh' Mar 29 15:00:59 debian3 usermod[20487]: change user 'petr' shell from '/bin/bash' to '/bin/sh' Mar 29 15:00:59 debian3 usermod[20492]: change user 'anna' shell from '/bin/bash' to '/bin/sh' Mar 29 15:01:02 debian3 usermod[20508]: change user 'user' shell from '/bin/sh' to '/bin/bash' Mar 29 15:01:02 debian3 usermod[20513]: change user 'ivan' shell from '/bin/sh' to '/bin/bash' Mar 29 15:01:02 debian3 usermod[20518]: change user 'petr' shell from '/bin/sh' to '/bin/bash' Mar 29 15:01:02 debian3 usermod[20523]: change user 'anna' shell from '/bin/sh' to '/bin/bash' Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 15:17:01 debian3 CRON[20588]: pam_unix(cron:session): session closed for user root Mar 29 15:48:46 debian3 sshd[24308]: Accepted password for ivan from 192.168.16.187 port 49738 ssh2 Mar 29 15:48:46 debian3 sshd[24308]: pam_unix(sshd:session): session 
opened for user ivan by (uid=0) Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 16:17:01 debian3 CRON[8869]: pam_unix(cron:session): session closed for user root Mar 29 16:20:37 debian3 su[8879]: Successful su for ivan by root Mar 29 16:20:37 debian3 su[8879]: + /dev/pts/0 root:ivan Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session opened for user ivan by root(uid=0) Mar 29 16:20:37 debian3 su[8879]: pam_unix(su:session): session closed for user ivan Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 17:17:01 debian3 CRON[9045]: pam_unix(cron:session): session closed for user root Mar 29 17:25:12 debian3 su[9088]: No passwd entry for user 'matrix.jpg' Mar 29 17:25:12 debian3 su[9088]: FAILED su for matrix.jpg by ivan Mar 29 17:25:12 debian3 su[9088]: - /dev/pts/1 ivan:matrix.jpg Mar 29 17:25:26 debian3 su[9089]: Successful su for root by ivan Mar 29 17:25:26 debian3 su[9089]: + /dev/pts/1 ivan:root Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session opened for user root by ivan(uid=1001) Mar 29 17:25:26 debian3 su[9089]: pam_unix(su:session): session closed for user root Mar 29 17:31:46 debian3 sshd[24308]: pam_unix(sshd:session): session closed for user ivan Mar 29 17:31:47 debian3 sshd[14417]: pam_unix(sshd:session): session closed for user root Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 18:17:01 debian3 CRON[9124]: pam_unix(cron:session): session closed for user root Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 19:17:01 debian3 CRON[9131]: pam_unix(cron:session): session closed for user root Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 20:17:01 debian3 CRON[9138]: pam_unix(cron:session): session closed for user root Mar 29 21:17:01 debian3 
CRON[9145]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 21:17:01 debian3 CRON[9145]: pam_unix(cron:session): session closed for user root Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 22:17:01 debian3 CRON[9152]: pam_unix(cron:session): session closed for user root Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 29 23:17:01 debian3 CRON[9159]: pam_unix(cron:session): session closed for user root Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 00:17:01 debian3 CRON[9166]: pam_unix(cron:session): session closed for user root Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 01:17:01 debian3 CRON[9173]: pam_unix(cron:session): session closed for user root Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 02:17:01 debian3 CRON[9180]: pam_unix(cron:session): session closed for user root Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 03:17:01 debian3 CRON[9187]: pam_unix(cron:session): session closed for user root Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 04:17:01 debian3 CRON[9194]: pam_unix(cron:session): session closed for user root Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 05:17:01 debian3 CRON[9202]: pam_unix(cron:session): session closed for user root Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 06:17:01 debian3 CRON[9209]: pam_unix(cron:session): session closed for user root Mar 30 06:25:01 debian3 CRON[9212]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 06:25:02 debian3 su[9284]: 
Successful su for nobody by root Mar 30 06:25:02 debian3 su[9284]: + ??? root:nobody Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 30 06:25:02 debian3 su[9284]: pam_unix(su:session): session closed for user nobody Mar 30 06:25:02 debian3 su[9286]: Successful su for nobody by root Mar 30 06:25:02 debian3 su[9286]: + ??? root:nobody Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 30 06:25:02 debian3 su[9286]: pam_unix(su:session): session closed for user nobody Mar 30 06:25:02 debian3 su[9288]: Successful su for nobody by root Mar 30 06:25:02 debian3 su[9288]: + ??? root:nobody Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 30 06:25:02 debian3 su[9288]: pam_unix(su:session): session closed for user nobody Mar 30 06:25:03 debian3 CRON[9212]: pam_unix(cron:session): session closed for user root Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 07:17:01 debian3 CRON[9348]: pam_unix(cron:session): session closed for user root Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 08:17:01 debian3 CRON[9355]: pam_unix(cron:session): session closed for user root Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 09:17:01 debian3 CRON[9362]: pam_unix(cron:session): session closed for user root Mar 30 09:38:59 debian3 sshd[9367]: Accepted password for root from 192.168.16.187 port 49218 ssh2 Mar 30 09:38:59 debian3 sshd[9367]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 09:45:32 debian3 sshd[9423]: Accepted password for ivan from 192.168.16.187 port 49228 ssh2 Mar 30 09:45:32 debian3 sshd[9423]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 09:55:45 debian3 chfn[9628]: changed user 'ivan' information 
Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 10:17:01 debian3 CRON[9745]: pam_unix(cron:session): session closed for user root Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/group: name=developers, GID=1004 Mar 30 10:31:06 debian3 groupadd[9863]: group added to /etc/gshadow: name=developers Mar 30 10:31:06 debian3 groupadd[9863]: new group: name=developers, GID=1004 Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to group 'developers' Mar 30 10:34:07 debian3 usermod[9898]: add 'ivan' to shadow group 'developers' Mar 30 10:37:09 debian3 gpasswd[9960]: user petr added by root to group developers Mar 30 10:40:06 debian3 gpasswd[10011]: administrators of group developers set by root to anna Mar 30 10:45:09 debian3 passwd[10097]: password for 'ivan' changed by 'root' Mar 30 10:45:15 debian3 passwd[10116]: password for 'ivan' changed by 'root' Mar 30 10:45:43 debian3 passwd[10142]: password for 'ivan' changed by 'root' Mar 30 10:45:46 debian3 passwd[10154]: password for 'ivan' changed by 'root' Mar 30 10:46:58 debian3 passwd[10166]: password for 'ivan' changed by 'root' Mar 30 10:47:10 debian3 passwd[10185]: password for 'ivan' changed by 'root' Mar 30 11:05:04 debian3 sshd[10324]: Accepted password for ivan from 127.0.0.1 port 44192 ssh2 Mar 30 11:05:04 debian3 sshd[10324]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 11:05:55 debian3 sshd[10326]: Received disconnect from 127.0.0.1: 11: disconnected by user Mar 30 11:05:55 debian3 sshd[10324]: pam_unix(sshd:session): session closed for user ivan Mar 30 11:06:16 debian3 sshd[10646]: Accepted password for ivan from 127.0.0.1 port 44194 ssh2 Mar 30 11:06:16 debian3 sshd[10646]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 11:06:55 debian3 sshd[10648]: Received disconnect from 127.0.0.1: 11: disconnected by user Mar 30 11:06:55 debian3 sshd[10646]: pam_unix(sshd:session): session closed for user 
ivan Mar 30 11:10:18 debian3 sshd[11024]: Accepted password for petr from 192.168.16.187 port 49352 ssh2 Mar 30 11:10:18 debian3 sshd[11024]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 30 11:10:54 debian3 sshd[11024]: pam_unix(sshd:session): session closed for user petr Mar 30 11:12:35 debian3 sshd[11109]: User petr not allowed because shell /usr/bin/tmux -l /bin/bash does not exist Mar 30 11:12:35 debian3 sshd[11109]: input_userauth_request: invalid user petr [preauth] Mar 30 11:12:37 debian3 sshd[11109]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=petr Mar 30 11:12:40 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2 Mar 30 11:12:46 debian3 sshd[11109]: Failed password for invalid user petr from 192.168.16.187 port 49353 ssh2 Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 11:17:01 debian3 CRON[11168]: pam_unix(cron:session): session closed for user root Mar 30 11:35:15 debian3 su[11519]: No passwd entry for user 'd1/temp.txt' Mar 30 11:35:15 debian3 su[11519]: FAILED su for d1/temp.txt by ivan Mar 30 11:35:15 debian3 su[11519]: - /dev/pts/1 ivan:d1/temp.txt Mar 30 11:35:22 debian3 su[11520]: Successful su for root by ivan Mar 30 11:35:22 debian3 su[11520]: + /dev/pts/1 ivan:root Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session opened for user root by ivan(uid=1001) Mar 30 11:35:22 debian3 su[11520]: pam_unix(su:session): session closed for user root Mar 30 12:13:55 debian3 sshd[9423]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:14:03 debian3 sshd[11771]: Accepted password for ivan from 192.168.16.187 port 49379 ssh2 Mar 30 12:14:03 debian3 sshd[11771]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:17:01 debian3 CRON[11864]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 12:17:01 debian3 
CRON[11864]: pam_unix(cron:session): session closed for user root Mar 30 12:20:26 debian3 sshd[9367]: pam_unix(sshd:session): session closed for user root Mar 30 12:20:33 debian3 sshd[11888]: Accepted password for root from 192.168.16.187 port 49383 ssh2 Mar 30 12:20:33 debian3 sshd[11888]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:27:04 debian3 sshd[11888]: pam_unix(sshd:session): session closed for user root Mar 30 12:27:11 debian3 sshd[12153]: Accepted password for root from 192.168.16.187 port 49385 ssh2 Mar 30 12:27:11 debian3 sshd[12153]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:27:40 debian3 sshd[12269]: Accepted password for petr from 192.168.16.187 port 49386 ssh2 Mar 30 12:27:40 debian3 sshd[12269]: pam_unix(sshd:session): session opened for user petr by (uid=0) Mar 30 12:27:44 debian3 sshd[12269]: pam_unix(sshd:session): session closed for user petr Mar 30 12:27:51 debian3 sshd[12278]: Accepted password for ivan from 192.168.16.187 port 49387 ssh2 Mar 30 12:27:51 debian3 sshd[12278]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:28:29 debian3 sshd[12278]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:28:35 debian3 sshd[12371]: Accepted password for ivan from 192.168.16.187 port 49388 ssh2 Mar 30 12:28:35 debian3 sshd[12371]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:28:43 debian3 sshd[12371]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:29:05 debian3 sshd[12457]: Accepted password for ivan from 192.168.16.187 port 49389 ssh2 Mar 30 12:29:05 debian3 sshd[12457]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:30:39 debian3 sshd[12457]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:30:46 debian3 sshd[12553]: Accepted password for ivan from 192.168.16.187 port 49391 ssh2 Mar 30 12:30:46 debian3 sshd[12553]: pam_unix(sshd:session): session opened for user 
ivan by (uid=0) Mar 30 12:32:37 debian3 sshd[12553]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:32:43 debian3 sshd[12670]: Failed password for ivan from 192.168.16.187 port 49392 ssh2 Mar 30 12:32:43 debian3 sshd[12670]: fatal: Access denied for user ivan by PAM account configuration [preauth] Mar 30 12:33:27 debian3 sshd[12680]: Accepted password for ivan from 192.168.16.187 port 49393 ssh2 Mar 30 12:33:27 debian3 sshd[12680]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 30 12:33:45 debian3 sudo: ivan : user NOT in sudoers ; TTY=pts/5 ; PWD=/home/ivan ; USER=root ; COMMAND=/bin/login ivan Mar 30 12:33:52 debian3 sshd[12680]: pam_unix(sshd:session): session closed for user ivan Mar 30 12:33:58 debian3 sshd[12784]: Accepted password for root from 192.168.16.187 port 49394 ssh2 Mar 30 12:33:58 debian3 sshd[12784]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:34:04 debian3 login[12831]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure Mar 30 12:34:15 debian3 login[12831]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'petr', Authentication failure Mar 30 12:34:17 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! Mar 30 12:34:19 debian3 login[12831]: FAILED LOGIN (3) on '/dev/pts/5' FOR 'root', Authentication failure Mar 30 12:34:23 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! Mar 30 12:34:27 debian3 login[12831]: FAILED LOGIN (4) on '/dev/pts/5' FOR 'root', Authentication failure Mar 30 12:34:32 debian3 login[12831]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! 
Mar 30 12:34:34 debian3 login[12831]: FAILED LOGIN (5) on '/dev/pts/5' FOR 'root', Authentication failure Mar 30 12:34:34 debian3 login[12831]: TOO MANY LOGIN TRIES (5) on '/dev/pts/5' FOR 'root' Mar 30 12:34:34 debian3 login[12831]: pam_mail(login:session): pam_putenv: delete non-existent entry; MAIL Mar 30 12:34:34 debian3 login[12831]: pam_unix(login:session): session closed for user root Mar 30 12:35:02 debian3 sshd[12848]: Accepted password for root from 192.168.16.187 port 49396 ssh2 Mar 30 12:35:02 debian3 sshd[12848]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 12:35:07 debian3 sshd[12848]: pam_unix(sshd:session): session closed for user root Mar 30 12:36:14 debian3 login[12911]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'user', Authentication failure Mar 30 12:36:16 debian3 login[12911]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! Mar 30 12:36:19 debian3 login[12911]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module Mar 30 12:36:36 debian3 sshd[12784]: pam_unix(sshd:session): session closed for user root Mar 30 12:36:44 debian3 sshd[12920]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.187 user=user Mar 30 12:36:46 debian3 sshd[12920]: Failed password for user from 192.168.16.187 port 49398 ssh2 Mar 30 12:36:48 debian3 sshd[12920]: Accepted password for user from 192.168.16.187 port 49398 ssh2 Mar 30 12:36:48 debian3 sshd[12920]: pam_unix(sshd:session): session opened for user user by (uid=0) Mar 30 12:37:31 debian3 su[12970]: Successful su for root by user Mar 30 12:37:31 debian3 su[12970]: + /dev/pts/5 user:root Mar 30 12:37:31 debian3 su[12970]: pam_unix(su:session): session opened for user root by user(uid=1000) Mar 30 13:17:01 debian3 CRON[13088]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 13:17:01 debian3 CRON[13088]: pam_unix(cron:session): session closed for user 
root Mar 30 13:45:38 debian3 login[13102]: pam_unix(login:auth): authentication failure; logname=user uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=news Mar 30 13:45:41 debian3 login[13102]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'news', Authentication failure Mar 30 13:46:43 debian3 passwd[13107]: pam_unix(passwd:chauthtok): password changed for news Mar 30 13:46:49 debian3 login[13108]: pam_unix(login:session): session opened for user news by user(uid=0) Mar 30 13:47:54 debian3 login[13108]: pam_unix(login:session): session closed for user news Mar 30 13:50:56 debian3 login[13114]: pam_unix(login:auth): authentication failure; logname=user uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=news Mar 30 13:50:59 debian3 login[13114]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'news', Authentication failure Mar 30 14:17:01 debian3 CRON[13259]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 14:17:01 debian3 CRON[13259]: pam_unix(cron:session): session closed for user root Mar 30 14:27:24 debian3 sshd[12153]: pam_unix(sshd:session): session closed for user root Mar 30 14:27:30 debian3 su[12970]: pam_unix(su:session): session closed for user root Mar 30 14:27:30 debian3 sshd[12920]: pam_unix(sshd:session): session closed for user user Mar 30 14:27:34 debian3 sshd[11771]: pam_unix(sshd:session): session closed for user ivan Mar 30 14:30:00 debian3 sshd[13354]: Accepted password for root from 192.168.16.187 port 49687 ssh2 Mar 30 14:30:00 debian3 sshd[13354]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 14:31:25 debian3 sshd[13354]: pam_unix(sshd:session): session closed for user root Mar 30 15:12:09 debian3 sshd[13442]: Accepted password for root from 192.168.16.187 port 49735 ssh2 Mar 30 15:12:09 debian3 sshd[13442]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:13:04 debian3 sshd[13494]: Accepted password for root from 192.168.16.166 port 43964 ssh2 Mar 30 15:13:04 debian3 sshd[13494]: 
pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:13:05 debian3 sshd[13494]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:13:05 debian3 sshd[13494]: pam_unix(sshd:session): session closed for user root Mar 30 15:17:01 debian3 CRON[13635]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 15:17:01 debian3 CRON[13635]: pam_unix(cron:session): session closed for user root Mar 30 15:17:40 debian3 sshd[13654]: Accepted password for root from 192.168.16.166 port 43965 ssh2 Mar 30 15:17:40 debian3 sshd[13654]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:17:40 debian3 sshd[13654]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:17:40 debian3 sshd[13654]: pam_unix(sshd:session): session closed for user root Mar 30 15:37:22 debian3 sshd[13713]: Connection closed by 192.168.16.166 [preauth] Mar 30 15:37:37 debian3 sshd[13715]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.16.166 user=root Mar 30 15:37:40 debian3 sshd[13715]: Failed password for root from 192.168.16.166 port 56958 ssh2 Mar 30 15:37:42 debian3 sshd[13715]: Accepted password for root from 192.168.16.166 port 56958 ssh2 Mar 30 15:37:42 debian3 sshd[13715]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:37:42 debian3 sshd[13715]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:37:42 debian3 sshd[13715]: pam_unix(sshd:session): session closed for user root Mar 30 15:39:02 debian3 sshd[13718]: Accepted password for root from 192.168.16.166 port 56959 ssh2 Mar 30 15:39:02 debian3 sshd[13718]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:39:03 debian3 sshd[13718]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:39:03 debian3 sshd[13718]: pam_unix(sshd:session): session closed for user root Mar 30 15:41:07 debian3 sshd[13729]: 
Accepted password for root from 192.168.16.166 port 56960 ssh2 Mar 30 15:41:07 debian3 sshd[13729]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:41:07 debian3 sshd[13729]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:41:07 debian3 sshd[13729]: pam_unix(sshd:session): session closed for user root Mar 30 15:42:51 debian3 sshd[13748]: Accepted password for root from 192.168.16.166 port 56961 ssh2 Mar 30 15:42:51 debian3 sshd[13748]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 30 15:42:51 debian3 sshd[13748]: Received disconnect from 192.168.16.166: 11: disconnected by user Mar 30 15:42:51 debian3 sshd[13748]: pam_unix(sshd:session): session closed for user root Mar 30 16:17:01 debian3 CRON[13768]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 16:17:01 debian3 CRON[13768]: pam_unix(cron:session): session closed for user root Mar 30 17:17:01 debian3 CRON[13775]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 17:17:01 debian3 CRON[13775]: pam_unix(cron:session): session closed for user root Mar 30 17:19:12 debian3 sshd[13442]: pam_unix(sshd:session): session closed for user root Mar 30 18:17:01 debian3 CRON[13785]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 18:17:01 debian3 CRON[13785]: pam_unix(cron:session): session closed for user root Mar 30 19:17:01 debian3 CRON[13792]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 19:17:01 debian3 CRON[13792]: pam_unix(cron:session): session closed for user root Mar 30 20:17:01 debian3 CRON[13799]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 20:17:01 debian3 CRON[13799]: pam_unix(cron:session): session closed for user root Mar 30 21:17:01 debian3 CRON[13806]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 21:17:01 debian3 CRON[13806]: pam_unix(cron:session): session closed for user root Mar 30 
22:17:01 debian3 CRON[13813]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 22:17:01 debian3 CRON[13813]: pam_unix(cron:session): session closed for user root Mar 30 23:17:01 debian3 CRON[13820]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 30 23:17:01 debian3 CRON[13820]: pam_unix(cron:session): session closed for user root Mar 31 00:17:01 debian3 CRON[13827]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 00:17:01 debian3 CRON[13827]: pam_unix(cron:session): session closed for user root Mar 31 01:17:01 debian3 CRON[13834]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 01:17:01 debian3 CRON[13834]: pam_unix(cron:session): session closed for user root Mar 31 02:17:01 debian3 CRON[13841]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 02:17:01 debian3 CRON[13841]: pam_unix(cron:session): session closed for user root Mar 31 03:17:01 debian3 CRON[13848]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 03:17:01 debian3 CRON[13848]: pam_unix(cron:session): session closed for user root Mar 31 04:17:01 debian3 CRON[13855]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 04:17:01 debian3 CRON[13855]: pam_unix(cron:session): session closed for user root Mar 31 05:17:01 debian3 CRON[13862]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 05:17:01 debian3 CRON[13862]: pam_unix(cron:session): session closed for user root Mar 31 06:17:01 debian3 CRON[13869]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 06:17:01 debian3 CRON[13869]: pam_unix(cron:session): session closed for user root Mar 31 06:25:01 debian3 CRON[13872]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 06:25:02 debian3 su[13944]: Successful su for nobody by root Mar 31 06:25:02 debian3 su[13944]: + ??? 
root:nobody Mar 31 06:25:02 debian3 su[13944]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 31 06:25:02 debian3 su[13944]: pam_unix(su:session): session closed for user nobody Mar 31 06:25:02 debian3 su[13946]: Successful su for nobody by root Mar 31 06:25:02 debian3 su[13946]: + ??? root:nobody Mar 31 06:25:02 debian3 su[13946]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 31 06:25:02 debian3 su[13946]: pam_unix(su:session): session closed for user nobody Mar 31 06:25:02 debian3 su[13948]: Successful su for nobody by root Mar 31 06:25:02 debian3 su[13948]: + ??? root:nobody Mar 31 06:25:02 debian3 su[13948]: pam_unix(su:session): session opened for user nobody by (uid=0) Mar 31 06:25:02 debian3 su[13948]: pam_unix(su:session): session closed for user nobody Mar 31 06:25:03 debian3 CRON[13872]: pam_unix(cron:session): session closed for user root Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 07:17:01 debian3 CRON[14008]: pam_unix(cron:session): session closed for user root Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 08:17:01 debian3 CRON[14015]: pam_unix(cron:session): session closed for user root Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 09:17:01 debian3 CRON[14022]: pam_unix(cron:session): session closed for user root Mar 31 09:20:04 debian3 sshd[14025]: Accepted password for root from 192.168.16.187 port 49239 ssh2 Mar 31 09:20:04 debian3 sshd[14025]: pam_unix(sshd:session): session opened for user root by (uid=0) Mar 31 09:55:23 debian3 sshd[14222]: Accepted password for ivan from 192.168.16.187 port 49257 ssh2 Mar 31 09:55:23 debian3 sshd[14222]: pam_unix(sshd:session): session opened for user ivan by (uid=0) Mar 31 10:11:01 debian3 passwd[14306]: pam_unix(passwd:chauthtok): authentication failure; logname=ivan uid=1001 euid=0 
tty= ruser= rhost= user=ivan Mar 31 10:17:01 debian3 CRON[14580]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 10:17:01 debian3 CRON[14580]: pam_unix(cron:session): session closed for user root Mar 31 11:17:01 debian3 CRON[15074]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 11:17:01 debian3 CRON[15074]: pam_unix(cron:session): session closed for user root Mar 31 11:57:07 debian3 login[15795]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=ivan Mar 31 11:57:10 debian3 login[15795]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure Mar 31 11:58:07 debian3 login[15805]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= user=ivan Mar 31 11:58:10 debian3 login[15805]: FAILED LOGIN (1) on '/dev/pts/5' FOR 'ivan', Authentication failure Mar 31 11:58:17 debian3 login[15805]: pam_securetty(login:auth): access denied: tty '/dev/pts/5' is not secure ! 
Mar 31 11:58:19 debian3 login[15805]: pam_unix(login:auth): check pass; user unknown Mar 31 11:58:19 debian3 login[15805]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/pts/5 ruser= rhost= Mar 31 11:58:22 debian3 login[15805]: FAILED LOGIN (2) on '/dev/pts/5' FOR 'UNKNOWN', User not known to the underlying authentication module Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 12:17:01 debian3 CRON[15974]: pam_unix(cron:session): session closed for user root Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session opened for user root by (uid=0) Mar 31 13:17:01 debian3 CRON[16005]: pam_unix(cron:session): session closed for user root Mar 31 13:52:23 debian3 groupadd[16401]: group added to /etc/group: name=ftp, GID=105 Mar 31 13:52:24 debian3 groupadd[16401]: group added to /etc/gshadow: name=ftp Mar 31 13:52:24 debian3 groupadd[16401]: new group: name=ftp, GID=105 Mar 31 13:52:24 debian3 useradd[16405]: new user: name=ftp, UID=103, GID=105, home=/srv/ftp, shell=/bin/false Mar 31 13:52:24 debian3 usermod[16410]: change user 'ftp' password Mar 31 13:52:24 debian3 chage[16415]: changed password expiry for ftp Mar 31 13:52:24 debian3 chfn[16418]: changed user 'ftp' information
#!/bin/sh
# Run logrotate against the system-wide configuration file.

# Exit quietly, with success, when the logrotate binary is missing or not
# executable, so the job does not report a failure on such a host.
if [ ! -x /usr/sbin/logrotate ]; then
    exit 0
fi

# The script's exit status is logrotate's own exit status.
/usr/sbin/logrotate /etc/logrotate.conf
# /etc/profile: system-wide .profile file for the Bourne shell (sh(1)) # and Bourne compatible shells (bash(1), ksh(1), ash(1), ...). if [ "`id -u`" -eq 0 ]; then PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" else PATH="/usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games" fi export PATH if [ "$PS1" ]; then if [ "$BASH" ] && [ "$BASH" != "/bin/sh" ]; then # The file bash.bashrc already sets the default PS1. # PS1='\h:\w\$ ' if [ -f /etc/bash.bashrc ]; then . /etc/bash.bashrc fi else if [ "`id -u`" -eq 0 ]; then PS1='# ' else PS1='$ ' fi fi fi # The default umask is now handled by pam_umask. # See pam_umask(8) and /etc/login.defs. if [ -d /etc/profile.d ]; then for i in /etc/profile.d/*.sh; do if [ -r $i ]; then . $i fi done unset i fi HISTSIZE=2000 HISTFILESIZE=2000 export HISTSIZE HISTFILESIZE
#
# Logrotate fragment for squid.
#
# Applies to every *.log file directly under /var/log/squid.
/var/log/squid/*.log {
	# Rotate once a day; rotated files are compressed, but compression of
	# the newest rotated file is postponed to the following cycle.
	daily
	compress
	delaycompress
	# Keep two rotated generations.
	# NOTE(review): with daily rotation that is roughly two days of proxy
	# logs on this host; confirm it meets retention needs or forward the
	# logs elsewhere before they are dropped.
	rotate 2
	# A missing log file is not treated as an error.
	missingok
	# logrotate does not create the new log file itself.
	nocreate
	# Run postrotate once for the whole pattern, not once per file.
	sharedscripts
	# Only when the pid file exists, ask squid to rotate its logs.
	postrotate
		test ! -e /var/run/squid.pid || /usr/sbin/squid -k rotate
	endscript
}
Время первой команды журнала | 10:56:18 2017- 3-31 |
Время последней команды журнала | 13:54:38 2017- 3-31 |
Количество командных строк в журнале | 101 |
Процент команд с ненулевым кодом завершения, % | 23.76 |
Процент синтаксически неверно набранных команд, % | 7.92 |
Суммарное время работы с терминалом *, час | 1.52 |
Количество командных строк в единицу времени, команда/мин | 1.11 |
Частота использования команд |
|
В журнал автоматически попадают все команды, данные в любом терминале системы.
Для того чтобы убедиться, что журнал на текущем терминале ведётся, и команды записываются, дайте команду w. В поле WHAT, соответствующем текущему терминалу, должна быть указана программа script.
Команды, при наборе которых были допущены синтаксические ошибки, выводятся перечёркнутым текстом:
$ l s-l bash: l: command not found |
Если код завершения команды равен нулю, команда была выполнена без ошибок. Команды, код завершения которых отличен от нуля, выделяются цветом.
$ test 5 -lt 4 |
Команды, ход выполнения которых был прерван пользователем, выделяются цветом.
$ find / -name abc find: /home/devi-orig/.gnome2: Keine Berechtigung find: /home/devi-orig/.gnome2_private: Keine Berechtigung find: /home/devi-orig/.nautilus/metafiles: Keine Berechtigung find: /home/devi-orig/.metacity: Keine Berechtigung find: /home/devi-orig/.inkscape: Keine Berechtigung ^C |
Команды, выполненные с привилегиями суперпользователя, выделяются слева красной чертой.
# id uid=0(root) gid=0(root) Gruppen=0(root) |
Изменения, внесённые в текстовый файл с помощью редактора, запоминаются и показываются в журнале в формате ed. Строки, начинающиеся символом "<", удалены, а строки, начинающиеся символом ">" -- добавлены.
$ vi ~/.bashrc
|
Для того чтобы изменить файл в соответствии с показанными в диффшоте изменениями, можно воспользоваться командой patch. Нужно скопировать изменения, запустить программу patch, указав в качестве её аргумента файл, к которому применяются изменения, и вставить скопированный текст:
$ patch ~/.bashrc |
Для того чтобы получить краткую справочную информацию о команде, нужно подвести к ней мышь. Во всплывающей подсказке появится краткое описание команды.
Если справочная информация о команде есть, команда выделяется голубым фоном, например: vi. Если справочная информация отсутствует, команда выделяется розовым фоном, например: notepad.exe. Справочная информация может отсутствовать в том случае, если (1) команда введена неверно; (2) если распознавание команды LiLaLo выполнено неверно; (3) если информация о команде неизвестна LiLaLo. Последнее возможно для редких команд.
Большие, в особенности многострочные, всплывающие подсказки лучше всего показываются браузерами KDE Konqueror, Apple Safari и Microsoft Internet Explorer. В браузерах Mozilla и Firefox они отображаются не полностью, а вместо перевода строки выводится специальный символ.
Время ввода команды, показанное в журнале, соответствует времени начала ввода командной строки, которое равно тому моменту, когда на терминале появилось приглашение интерпретатора.
Имя терминала, на котором была введена команда, показано в специальном блоке. Этот блок показывается только в том случае, если терминал текущей команды отличается от терминала предыдущей.
Вывод не интересующих вас в настоящий момент элементов журнала, таких как время, имя терминала и других, можно отключить. Для этого нужно воспользоваться формой управления журналом вверху страницы.
Небольшие комментарии к командам можно вставлять прямо из командной строки. Комментарий вводится прямо в командную строку, после символов #^ или #v. Символы ^ и v показывают направление выбора команды, к которой относится комментарий: ^ - к предыдущей, v - к следующей. Например, если в командной строке было введено:
$ whoami
user
$ #^ Интересно, кто я?
в журнале это будет выглядеть так:
$ whoami
user
Интересно, кто я? |
Если комментарий содержит несколько строк, его можно вставить в журнал следующим образом:
$ whoami
user
$ cat > /dev/null #^ Интересно, кто я?
Программа whoami выводит имя пользователя, под которым мы зарегистрировались в системе. - Она не может ответить на вопрос о нашем назначении в этом мире.
В журнале это будет выглядеть так:
$ whoami user
|
Комментарии, не относящиеся непосредственно ни к какой из команд, добавляются точно таким же способом, только вместо символов #^ или #v нужно использовать символы #=.
1 2 3 4
Группы команд, выполненных на разных терминалах, разделяются специальной линией. Под этой линией в правом углу показано имя терминала, на котором выполнялись команды. Для того чтобы посмотреть команды только одного сеанса, нужно щёлкнуть по этому названию.
LiLaLo (L3) расшифровывается как Live Lab Log.
Программа разработана для повышения эффективности обучения Unix/Linux-системам.
(c) Игорь Чубин, 2004-2008