I am using Ubuntu 16.04 and running a small server on it. When I checked the log files with the command grep -r 'ip-address' /var/log/, it returned these log entries:
/var/log/auth.log:Dec 19 00:26:00 ip-10-xx-xx-xx sudo: adminuser : TTY=pts/1 ; PWD=/home/adminuser ; USER=root ; COMMAND=/bin/grep -r xx-xx-xx-xx(ipAddress) ./tomcat8 ./catalina.out ./install ./xvdf ./xvdg
/var/log/auth.log:Dec 19 00:26:00 ip-10-xx-xx-xx sudo: adminuser : TTY=pts/1 ; PWD=/home/adminuser ; USER=root ; COMMAND=/bin/grep -r xx-xx-xx-xx(ipAddress) /bin /boot /dev /etc /home /initrd.img /initrd.img.old /lib /lib64 /lost+found /media /mnt /opt /proc /root /run /sbin /snap /srv /sys /tmp /usr /var /vmlinuz /vmlinuz.old
/var/log/apache2/access.log.1:xx-xx-xx-xx(ipAddress) - - [18/Dec/2018:11:20:07 +0900] "\x16\x03\x01\x02" 400 0 "-" "-"
/var/log/apache2/access.log.1:xx-xx-xx-xx(ipAddress) - - [19/Dec/2018:05:52:37 +0900] "GET //recordings/ HTTP/1.1" 302 557 "-" "python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-862.14.4.el7.x86_64"
What does this mean? Are they trying to log in with the adminuser username and run encrypted files in these directories?
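
The following is an added example, not part of the original post. It parses three of the lines quoted above, separating the records sudo writes to auth.log from the Apache access-log requests, and flags when the searched address appears as an argument of the logged command itself. The names TERM, LINES, classify and summarize are introduced here for illustration.

```python
import re

# Three lines copied from the grep output in the post, redactions kept as posted.
TERM = "xx-xx-xx-xx(ipAddress)"  # the searched address, as redacted in the post
LINES = [
    r'/var/log/auth.log:Dec 19 00:26:00 ip-10-xx-xx-xx sudo: adminuser : TTY=pts/1 ; '
    r'PWD=/home/adminuser ; USER=root ; COMMAND=/bin/grep -r xx-xx-xx-xx(ipAddress) '
    r'./tomcat8 ./catalina.out ./install ./xvdf ./xvdg',
    r'/var/log/apache2/access.log.1:xx-xx-xx-xx(ipAddress) - - [18/Dec/2018:11:20:07 +0900] '
    r'"\x16\x03\x01\x02" 400 0 "-" "-"',
    r'/var/log/apache2/access.log.1:xx-xx-xx-xx(ipAddress) - - [19/Dec/2018:05:52:37 +0900] '
    r'"GET //recordings/ HTTP/1.1" 302 557 "-" '
    r'"python-requests/2.6.0 CPython/2.7.5 Linux/3.10.0-862.14.4.el7.x86_64"',
]

SUDO = re.compile(r"sudo:\s+(?P<user>\S+) : TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; "
                  r"USER=(?P<runas>\S+) ; COMMAND=(?P<cmd>.+)$")
ACCESS = re.compile(r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>.*?)" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$')

def classify(grep_line, term=TERM):
    """Return (kind, details) for one 'path:record' line of grep -r output."""
    path, _, record = grep_line.partition(":")
    m = SUDO.search(record)
    if m:
        # Written by sudo on this host each time a local user runs a command through it.
        d = m.groupdict()
        d["term_in_command"] = term in d["cmd"]  # the match is the command's own argument
        return "sudo_audit", d
    m = ACCESS.match(record)
    if m:
        d = m.groupdict()
        # Apache logs unprintable request bytes as \xNN; 0x16 0x03 opens a TLS handshake record.
        kind = "tls_bytes_on_http_port" if d["req"].startswith(r"\x16\x03") else "http_request"
        return kind, d
    return "unrecognized", {"path": path, "record": record}

def summarize(lines=LINES):
    """Record kind for each line, in input order."""
    return [classify(line)[0] for line in lines]

if __name__ == "__main__":
    for line in LINES:
        kind, d = classify(line)
        print(kind, {k: d[k] for k in sorted(d)})
```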