My system logged unusual activity while I was away from home

Can someone take a look at this log? I wasn't home when it happened.

Dec 27 07:48:13 mikky-E720 su[26915]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:48:13 mikky-E720 su[26915]: pam_unix(su:session): session closed for user mikky
Dec 27 07:48:54 mikky-E720 unix_chkpwd[27214]: password check failed for user (mikky)
Dec 27 07:48:54 mikky-E720 gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost=  user=mikky
Dec 27 07:48:54 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388)
Dec 27 07:48:54 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): pam_get_item returned a password
Dec 27 07:48:54 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Dec 27 07:49:23 mikky-E720 unix_chkpwd[27223]: password check failed for user (mikky)
Dec 27 07:49:23 mikky-E720 gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost=  user=mikky
Dec 27 07:49:23 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388)
Dec 27 07:49:23 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): pam_get_item returned a password
Dec 27 07:49:23 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Dec 27 07:49:34 mikky-E720 gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): conversation failed
Dec 27 07:49:34 mikky-E720 gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): auth could not identify password for [mikky]
Dec 27 07:49:34 mikky-E720 gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388)
Dec 27 07:49:35 mikky-E720 lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0)
Dec 27 07:49:35 mikky-E720 lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :1
Dec 27 07:49:39 mikky-E720 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mikky"
Dec 27 07:49:40 mikky-E720 dbus[1033]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.259" (uid=104 pid=27307 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.19" (uid=0 pid=1203 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Dec 27 07:49:41 mikky-E720 dbus[1033]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.268" (uid=104 pid=27359 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.19" (uid=0 pid=1203 comm="/usr/sbin/console-kit-daemon --no-daemon ")
Dec 27 07:52:43 mikky-E720 lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=mikky
Dec 27 07:52:43 mikky-E720 lightdm: pam_winbind(lightdm:auth): getting password (0x00000388)
Dec 27 07:52:43 mikky-E720 lightdm: pam_winbind(lightdm:auth): pam_get_item returned a password
Dec 27 07:52:43 mikky-E720 lightdm: pam_winbind(lightdm:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Dec 27 07:52:46 mikky-E720 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mikky"
Dec 27 07:54:39 mikky-E720 lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=mikky
Dec 27 07:54:39 mikky-E720 lightdm: pam_winbind(lightdm:auth): getting password (0x00000388)
Dec 27 07:54:39 mikky-E720 lightdm: pam_winbind(lightdm:auth): pam_get_item returned a password
Dec 27 07:54:39 mikky-E720 lightdm: pam_winbind(lightdm:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user
Dec 27 07:54:41 mikky-E720 lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mikky"
Dec 27 07:56:38 mikky-E720 su[27755]: Successful su for mikky by root
Dec 27 07:56:38 mikky-E720 su[27755]: + ??? root:mikky
Dec 27 07:56:38 mikky-E720 su[27755]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:38 mikky-E720 su[27755]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:38 mikky-E720 su[27765]: Successful su for mikky by root
Dec 27 07:56:38 mikky-E720 su[27765]: + ??? root:mikky
Dec 27 07:56:38 mikky-E720 su[27765]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:38 mikky-E720 su[27765]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:38 mikky-E720 su[27780]: Successful su for mikky by root
Dec 27 07:56:38 mikky-E720 su[27780]: + ??? root:mikky
Dec 27 07:56:38 mikky-E720 su[27780]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:38 mikky-E720 su[27780]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:38 mikky-E720 su[27797]: Successful su for lightdm by root
Dec 27 07:56:38 mikky-E720 su[27797]: + ??? root:lightdm
Dec 27 07:56:38 mikky-E720 su[27797]: pam_unix(su:session): session opened for user lightdm by (uid=0)
Dec 27 07:56:38 mikky-E720 su[27797]: pam_unix(su:session): session closed for user lightdm
Dec 27 07:56:38 mikky-E720 su[27811]: Successful su for lightdm by root
Dec 27 07:56:38 mikky-E720 su[27811]: + ??? root:lightdm
Dec 27 07:56:38 mikky-E720 su[27811]: pam_unix(su:session): session opened for user lightdm by (uid=0)
Dec 27 07:56:38 mikky-E720 su[27811]: pam_unix(su:session): session closed for user lightdm
Dec 27 07:56:38 mikky-E720 su[27826]: Successful su for lightdm by root
Dec 27 07:56:38 mikky-E720 su[27826]: + ??? root:lightdm
Dec 27 07:56:38 mikky-E720 su[27826]: pam_unix(su:session): session opened for user lightdm by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27826]: pam_unix(su:session): session closed for user lightdm
Dec 27 07:56:39 mikky-E720 su[27854]: Successful su for mikky by root
Dec 27 07:56:39 mikky-E720 su[27854]: + ??? root:mikky
Dec 27 07:56:39 mikky-E720 su[27854]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27854]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:39 mikky-E720 su[27864]: Successful su for mikky by root
Dec 27 07:56:39 mikky-E720 su[27864]: + ??? root:mikky
Dec 27 07:56:39 mikky-E720 su[27864]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27864]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:39 mikky-E720 su[27879]: Successful su for mikky by root
Dec 27 07:56:39 mikky-E720 su[27879]: + ??? root:mikky
Dec 27 07:56:39 mikky-E720 su[27879]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27879]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:39 mikky-E720 su[27892]: Successful su for mikky by root
Dec 27 07:56:39 mikky-E720 su[27892]: + ??? root:mikky
Dec 27 07:56:39 mikky-E720 su[27892]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27892]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:39 mikky-E720 su[27907]: Successful su for mikky by root
Dec 27 07:56:39 mikky-E720 su[27907]: + ??? root:mikky
Dec 27 07:56:39 mikky-E720 su[27907]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27907]: pam_unix(su:session): session closed for user mikky
Dec 27 07:56:39 mikky-E720 su[27920]: Successful su for mikky by root
Dec 27 07:56:39 mikky-E720 su[27920]: + ??? root:mikky
Dec 27 07:56:39 mikky-E720 su[27920]: pam_unix(su:session): session opened for user mikky by (uid=0)
Dec 27 07:56:39 mikky-E720 su[27920]: pam_unix(su:session): session closed for user mikky

Answer 1

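The first part of the log shows someone trying to unlock your screen: he entered the wrong password and failed both times. He then used the Switch User button on the lock screen to get to the login screen. He tried again there, and failed two more times.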

The second part of the log (Successful ...) most likely comes from system processes.
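
To make the same reading repeatable on a longer auth log, the following added example (not part of the original question or answer) groups pam_unix authentication failures by PAM service and user, and separately counts the "Successful su ... by root" entries. The sample lines, the host name "host" and the user "alice" are constructed; treating an empty rhost plus an X display tty as a local attempt is a heuristic assumed here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the same syslog/PAM format as the log in the question.
SAMPLE = """\
Dec 27 07:48:54 host gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost=  user=alice
Dec 27 07:49:23 host gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost=  user=alice
Dec 27 07:52:43 host lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=alice
Dec 27 07:54:39 host lightdm: pam_unix(lightdm:auth): authentication failure; logname= uid=0 euid=0 tty=:1 ruser= rhost=  user=alice
Dec 27 07:56:38 host su[27755]: Successful su for alice by root
Dec 27 07:56:38 host su[27797]: Successful su for lightdm by root
Dec 27 07:56:39 host su[27854]: Successful su for alice by root
"""

# pam_unix failure line: timestamp, PAM service, tty, rhost (may be empty), user.
AUTH_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\s\S+:\s"
    r"pam_unix\((?P<service>[^:)]+):auth\): authentication failure;"
    r".*?\btty=(?P<tty>\S*).*?\brhost=(?P<rhost>\S*)\s+user=(?P<user>\S+)"
)
SU_OK = re.compile(r"su\[\d+\]: Successful su for (?P<target>\S+) by (?P<actor>\S+)")


def summarize(lines):
    """Return (failures, su_by_root).

    failures:   {(service, user): [(timestamp, "local" | "remote"), ...]}
    su_by_root: {target_user: count} for su calls made by root
    """
    failures = defaultdict(list)
    su_by_root = Counter()
    for line in lines:
        m = AUTH_FAIL.search(line)
        if m:
            # Heuristic: no remote host and an X display as tty => local session.
            local = m["rhost"] == "" and m["tty"].startswith(":")
            origin = "local" if local else "remote"
            failures[(m["service"], m["user"])].append((m["ts"], origin))
            continue
        m = SU_OK.search(line)
        if m and m["actor"] == "root":
            su_by_root[m["target"]] += 1
    return dict(failures), dict(su_by_root)


if __name__ == "__main__":
    fails, su = summarize(SAMPLE.splitlines())
    for (service, user), hits in fails.items():
        print(f"{service}: {len(hits)} failed attempts for {user}: {hits}")
    print("su by root:", su)
```

Failures under gnome-screensaver followed by failures under lightdm correspond to the lock screen and the login screen respectively.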
