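I'm a bit paranoid, and for a while now there have been some messages in my log files that push me close to the edge of sanity. Can someone explain the following from my auth.log file? It indicates that a user named dnsmasq changed a password on my computer. I know this may be a silly question, but this kind of thing has been happening for years, and every time I see something like it I become anxious and afraid that someone is monitoring me. Can someone put my fears to rest?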
discover-healing-honey sudo: pam_unix(sudo:session): session closed for user root
May 15 16:51:20 discover-healing-honey polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.55 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 15 16:55:39 discover-healing-honey useradd[16831]: new user: name=dnsmasq, UID=115, GID=65534, home=/var/lib/misc, shell=/bin/false
May 15 16:55:39 discover-healing-honey usermod[16836]: change user 'dnsmasq' password
May 15 16:55:39 discover-healing-honey chage[16841]: changed password expiry for dnsmasq
May 15 16:55:39 discover-healing-honey chfn[16844]: changed user 'dnsmasq' information
May 15 16:56:02 discover-healing-honey polkit-agent-helper-1[16995]: pam_ecryptfs: pam_sm_authenticate: /home/bee-hives-rule is already mounted
May 15 16:56:02 discover-healing-honey polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session2 successfully authenticated as unix-user:bee-hives-rule to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for unix-process:7420:308018 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:bee-hives-rule)
May 15 16:56:41 discover-healing-honey sg[21950]: user 'root' (login '???' on pts/1) switched to group 'mlocate'
May 15 16:56:41 discover-healing-honey sg[21950]: user 'root' (login '???' on pts/1) returned to group 'root'
May 15 17:02:49 discover-healing-honey lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
May 15 17:02:49 discover-healing-honey lightdm: pam_ck_connector(lightdm-greeter:session): nox11 mode, ignoring PAM_TTY :0
May 15 17:02:53 discover-healing-honey dbus[1326]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.19" (uid=0 pid=1713 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.6" (uid=0 pid=1546 comm="NetworkManager ")
May 15 17:02:56 discover-healing-honey lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bee-hives-rule"
May 15 17:02:56 discover-healing-honey lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bee-hives-rule"
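Answer 1
Nothing there looks unusual. This is a log of all authentication and authorization (two very different things) attempts.
dnsmasq is a local DNS cache.
lightdm is your "display manager", which prompts you for a username and password (inside X) before you log in.
Nothing there indicates that anyone is monitoring you or logging keystrokes, and there is not even any sign of an attempted remote login. Basically, this is a set of system processes running as system processes, whose authorization requests are being logged.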
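An added example (not part of the original question or answer): a small triage script that reads account events like the ones quoted in the question and separates system accounts from login-capable ones that deserve a closer look. The UID threshold of 1000 and the list of non-login shells are assumptions based on Debian/Ubuntu defaults, and the last sample line (guest2) is constructed for contrast.

```python
import re

# Sample input: the four account lines from the question, plus one constructed line (guest2).
SAMPLE = """\
May 15 16:55:39 discover-healing-honey useradd[16831]: new user: name=dnsmasq, UID=115, GID=65534, home=/var/lib/misc, shell=/bin/false
May 15 16:55:39 discover-healing-honey usermod[16836]: change user 'dnsmasq' password
May 15 16:55:39 discover-healing-honey chage[16841]: changed password expiry for dnsmasq
May 15 16:55:39 discover-healing-honey chfn[16844]: changed user 'dnsmasq' information
May 15 17:10:02 discover-healing-honey useradd[17001]: new user: name=guest2, UID=1001, GID=1001, home=/home/guest2, shell=/bin/bash
"""

UID_MIN = 1000  # assumption: first regular-user UID (Debian/Ubuntu default in /etc/login.defs)
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}  # assumption

LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (\w+)\[\d+\]: (.*)$")
NEW_USER = re.compile(r"new user: name=([^,]+), UID=(\d+), GID=\d+, home=([^,]+), shell=(\S+)")
FOLLOW_UP = re.compile(r"change user '([^']+)' password|changed password expiry for (\S+)"
                       r"|changed user '([^']+)' information")

def triage(log_text):
    """Map each newly created account to a verdict and its follow-up events."""
    accounts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # truncated lines or other log formats are skipped
        stamp, _host, prog, msg = m.groups()
        created = NEW_USER.search(msg) if prog == "useradd" else None
        if created:
            name, uid, _home, shell = created.groups()
            system = int(uid) < UID_MIN and shell in NOLOGIN_SHELLS
            accounts[name] = {"uid": int(uid), "shell": shell, "created": stamp,
                              "verdict": "system account" if system else "review: login-capable",
                              "follow_ups": []}
            continue
        f = FOLLOW_UP.search(msg)
        if f and prog in {"usermod", "chage", "chfn"}:
            name = next(g for g in f.groups() if g)
            if name in accounts:
                # True when the change happened in the same second as the creation
                accounts[name]["follow_ups"].append((prog, stamp == accounts[name]["created"]))
    return accounts

if __name__ == "__main__":
    for name, info in triage(SAMPLE).items():
        print(name, info["uid"], info["shell"], info["verdict"], info["follow_ups"])
```

A password or expiry change logged in the same second as the `useradd` line for a low-UID, no-login account is part of creating that account, not a separate event.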