Investigating Intrusions on CentOS Through Logs

2020-06-08 10:00:07

#### who: print information about users who are currently logged in

```
Usage: who [OPTION]... [ FILE | ARG1 ARG2 ]
Print information about users who are currently logged in.

  -a, --all         same as -b -d --login -p -r -t -T -u
  -b, --boot        time of last system boot
  -d, --dead        print dead processes
  -H, --heading     print line of column headings
  -l, --login       print system login processes
      --lookup      attempt to canonicalize hostnames via DNS
  -m                only hostname and user associated with stdin
  -p, --process     print active processes spawned by init
  -q, --count       all login names and number of users logged on
  -r, --runlevel    print current runlevel
  -s, --short       print only name, line, and time (default)
  -t, --time        print last system clock change
  -T, -w, --mesg    add user's message status as +, - or ?
  -u, --users       list users logged in
      --message     same as -T
      --writable    same as -T
      --help        display this help and exit
      --version     output version information and exit
```

#### last: list all user logins (and logouts)

```
last [-R] [-num] [ -n num ] [-adFiowx] [ -f file ] [ -t YYYYMMDDHHMMSS ] [name...] [tty...]

  -R      Suppresses the display of the hostname field.
  -num    This is a count telling last how many lines to show.
```

#### lastb: show all failed login records

```
lastb [-R] [-num] [ -n num ] [ -f file ] [-adFiowx] [name...] [tty...]

  -R      Suppresses the display of the hostname field.
  -num    This is a count telling last how many lines to show.
```

#### lastlog: show the most recent login of all users or of a specified user

```
Usage: lastlog [options]
reports the most recent login of all users or of a given user.

Options:
  -b, --before DAYS         print only lastlog records older than DAYS
  -C, --clear               clear lastlog record of an user (usable only with -u)
  -h, --help                display this help message and exit
  -R, --root CHROOT_DIR     directory to chroot into
  -S, --set                 set lastlog record to current time (usable only with -u)
  -t, --time DAYS           print only lastlog records more recent than DAYS
  -u, --user LOGIN          print lastlog record of the specified LOGIN
```

#### /var/log/secure: view the security log recorded by the system

```
tail -f -n 100 /var/log/secure
```
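
To go beyond tailing `/var/log/secure`, the following added example (not part of the original post) counts sshd failures and successful logins per source address and marks addresses where a login succeeded after repeated failures. The function names, the host name `web01`, the default threshold of 3 and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: per-source-IP summary of sshd events in a secure-style log.

# summarize_secure [FILE] [THRESHOLD]   (FILE "-" or omitted = stdin)
# Output per IP: "<ip> failed=<n> accepted=<n>[ SUCCESS_AFTER_FAILURES]"
summarize_secure() {
  awk -v threshold="${2:-3}" '
    # Take the address from the trailing "from <ip> port <n>" so that a
    # client-supplied user name containing "from" cannot shift the field.
    function src(   i) {
      for (i = NF; i > 2; i--)
        if ($i == "port" && $(i - 2) == "from") return $(i - 1)
      return ""
    }
    / sshd\[[0-9]+\]: Failed password for / {
      ip = src(); if (ip != "") { failed[ip]++; seen[ip] = 1 }
    }
    / sshd\[[0-9]+\]: Accepted (password|publickey) for / {
      ip = src()
      if (ip != "") {
        accepted[ip]++; seen[ip] = 1
        # A login that follows a run of failures deserves a closer look.
        if (failed[ip] >= threshold) flagged[ip] = 1
      }
    }
    END {
      for (ip in seen)
        printf "%s failed=%d accepted=%d%s\n", ip, failed[ip], accepted[ip],
               (ip in flagged) ? " SUCCESS_AFTER_FAILURES" : ""
    }
  ' "${1:--}" | sort
}

# Constructed sample lines (documentation addresses, not real log data).
# The third failure carries a user name crafted to look like a source field.
sample_secure_log() {
  cat <<'EOF'
Jun  8 09:40:00 web01 sshd[1100]: Accepted publickey for ops from 198.51.100.20 port 40022 ssh2
Jun  8 09:58:01 web01 sshd[1201]: Failed password for root from 203.0.113.7 port 51122 ssh2
Jun  8 09:58:03 web01 sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 51124 ssh2
Jun  8 09:58:05 web01 sshd[1205]: Failed password for invalid user from 10.0.0.1 port 1 from 203.0.113.7 port 51126 ssh2
Jun  8 09:59:10 web01 sshd[1300]: Accepted password for deploy from 203.0.113.7 port 51200 ssh2
Jun  8 10:01:00 web01 sshd[1400]: Failed password for root from 192.0.2.55 port 60001 ssh2
EOF
}

sample_secure_log | summarize_secure - 3
```

On a live host, run `summarize_secure /var/log/secure` as root and cross-check any flagged address against `last` and `lastb`.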
