Some crontabs may be malware

I need help interpreting and resolving a problem with my server logs. The system log keeps recording

CRON[8944]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)

even though I have already deleted the user ftpuser and that user's home directory.

Oct 14 09:32:01 sarirotidbdr CRON[8944]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)
Oct 14 09:32:04 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:32:04 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:32:04 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:32:04 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:32:23 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:32:23 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:32:49 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:32:49 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:32:49 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:32:49 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:33:01 sarirotidbdr CRON[11192]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)
Oct 14 09:33:32 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:33:32 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:33:44 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:33:44 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:33:44 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:33:44 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:34:01 sarirotidbdr CRON[11228]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)
Oct 14 09:34:20 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:34:20 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:34:48 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:34:48 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:34:48 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:34:48 sarirotidbdr SQLAnywhere(nicsecondaryserver): Disconnected TCPIP client's AppInfo: HOST=sarirotiappdr
Oct 14 09:35:01 sarirotidbdr CRON[11258]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)

Answer 1

You still have some cron job executing this command. Check crontab -l -u root and the files under /var/spool/cron/.

If you believe your machine has been compromised, the only sensible solution is to reinstall everything from scratch and restore from a known-good, uninfected backup.
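A small defender-side check that follows from the answer above, added here as an example and not part of the original question or answer: it parses syslog CRON entries and reports every job still firing as an account that no longer exists in the passwd file, which is exactly the symptom in the question (a crontab surviving the deletion of its user). The log excerpt and passwd file are constructed samples; on a real host you would point it at /var/log/syslog and /etc/passwd.

```shell
#!/bin/sh
# Constructed syslog excerpt for the demo (not the poster's full log).
SAMPLE_LOG='Oct 14 09:32:01 sarirotidbdr CRON[8944]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)
Oct 14 09:32:04 sarirotidbdr SQLAnywhere(nicsecondaryserver): Connection terminated abnormally
Oct 14 09:33:01 sarirotidbdr CRON[11192]: (ftpuser) CMD (/home/ftpuser/.profiles/y >/dev/null 2>&1)
Oct 14 09:35:01 sarirotidbdr CRON[11258]: (root) CMD (/usr/lib/php/sessionclean)'
# Constructed passwd file: ftpuser has already been deleted, root still exists.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin'

# orphaned_cron_jobs LOGFILE PASSWDFILE
# Prints "user: command" once for every CRON execution whose user no longer
# appears in PASSWDFILE. A job still firing for a deleted account means its
# crontab survives somewhere (e.g. /var/spool/cron/crontabs/<user> or /etc/cron.d).
orphaned_cron_jobs() {
    awk -v passwd="$2" '
        BEGIN {
            # load the names of the accounts that currently exist
            while ((getline line < passwd) > 0) { split(line, f, ":"); known[f[1]] = 1 }
        }
        # syslog fields: Mon DD HH:MM:SS host CRON[pid]: (user) CMD (command)
        $5 ~ /^CRON\[[0-9]+\]:$/ && $7 == "CMD" {
            user = $6; gsub(/[()]/, "", user)
            cmd = $0; sub(/^.* CMD \(/, "", cmd); sub(/\)$/, "", cmd)
            key = user ": " cmd
            if (!(user in known) && !(key in seen)) { seen[key] = 1; print key }
        }' "$1"
}

# Write the constructed samples to temporary files and run the check on them.
LOG=$(mktemp); PASSWD=$(mktemp)
trap 'rm -f "$LOG" "$PASSWD"' EXIT
printf '%s\n' "$SAMPLE_LOG" > "$LOG"
printf '%s\n' "$SAMPLE_PASSWD" > "$PASSWD"
orphaned_cron_jobs "$LOG" "$PASSWD"
```

Any line it prints names a user whose crontab still needs to be found and removed (the spool directory the answer mentions, plus /etc/cron.d and /etc/crontab); the root job is filtered out because root still exists.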