我正在查看我的服务器的身份验证日志,惊讶地发现时间发生了偏移。
root@server:/home/admin# date
Tue Jan 12 09:51:36 CET 2016
root@server:/home/admin# tail /var/log/auth.log
Jan 12 03:10:05 server sshd[18973]: Connection closed by 222.189.40.171 [preauth]
Jan 12 03:25:43 server sshd[18983]: reverse mapping checking getaddrinfo for 210.subnet222-124-218.static.astinet.telkom.net.id [222.124.218.210] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 12 03:25:43 server sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.218.210 user=root
Jan 12 03:25:45 server sshd[18983]: Failed password for root from 222.124.218.210 port 34563 ssh2
Jan 12 03:25:45 server sshd[18983]: Connection closed by 222.124.218.210 [preauth]
Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae
Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jan 12 03:42:38 server su[19013]: Successful su for root by admin
Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root
Jan 12 03:42:38 server
这是服务器配置的时区:
cat /etc/timezone
Europe/Berlin
知道服务器是 VZ 客户机可能会有所帮助。
以下是命令在一行中显示的内容:
$ su -c "date && tail -n 5 /var/log/auth.log"
Password:
Tue Jan 12 10:33:24 CET 2016
Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae
Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jan 12 03:42:38 server su[19013]: Successful su for root by admin
Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root
Jan 12 03:42:38 server su[19013]: pam_unix(su:session): session opened for user root by admin(uid=1000)
答案1
显然这是一个已知问题。
我通过重新启动 rsyslog 解决了这个问题。