Hello everyone,
I have a Fedora system that has been upgraded across releases all the way through Fedora 17, 18 and 19. I have now found a strange user on the system:

$ who
(unknown) :0 2013-06-28 22:29 (:0)
easior pts/2 2013-07-01 19:51

However, it does not show up with w:

$ w
 20:43:22 up 2 days, 22:14, 2 users, load average: 1.24, 1.11, 1.07
USER TTY LOGIN@ IDLE JCPU PCPU WHAT
easior pts/2 19:51 2.00s 0.06s 0.00s w

In other words, it has not left any log information. Yet it does have some login records:

$ ac (unknown)
total 187.66

$ last | grep -i unknown
(unknown :0 :0 Fri Jun 28 22:29 - crash (00:00)
(unknown :0 :0 Fri Jun 28 15:16 - crash (00:00)
(unknown :0 :0 Fri Jun 28 15:15 - crash (00:00)
(unknown :0 :0 Fri Jun 28 14:42 - crash (00:00)
(unknown :0 :0 Thu Jun 27 21:23 - crash (00:00)
(unknown :0 :0 Thu Jun 27 11:57 - crash (00:00)
(unknown :0 :0 Tue Jun 25 06:24 - crash (00:00)
(unknown :0 :0 Mon Jun 24 07:58 - crash (00:00)
(unknown :0 :0 Sat Jun 22 12:51 - crash (00:00)
(unknown :0 :0 Tue Jun 18 17:56 - crash (07:59)
(unknown :0 :0 Mon Jun 17 17:10 - crash (07:59)
(unknown :0 :0 Sat Jun 15 16:00 - crash (07:59)
(unknown :0 :0 Sat Jun 15 15:55 - crash (07:59)
(unknown :0 :0 Sat Jun 15 15:32 - crash (07:59)
(unknown :0 :0 Sun Jun 9 10:34 - crash (07:59)
(unknown :0 :0 Tue Jun 4 21:53 - crash (07:59)
(unknown :0 :0 Sun Jun 2 16:20 - crash (07:59)
(unknown :0 :0 Sun Jun 2 07:43 - crash (07:59)
(unknown :0 :0 Fri May 31 08:40 - crash (07:59)
(unknown :0 :0 Thu May 30 07:52 - crash (07:59)
(unknown :0 :0 Wed May 29 16:22 - crash (07:59)
(unknown :0 :0 Tue May 28 08:44 - crash (07:59)
(unknown :0 :0 Tue May 21 15:38 - crash (07:59)
(unknown :0 :0 Mon May 20 17:07 - crash (07:59)
(unknown :0 :0 Wed May 15 08:50 - crash (07:59)
(unknown :0 :0 Sat May 4 19:59 - crash (00:00)
(unknown :0 :0 Sat May 4 19:37 - crash (00:00)
(unknown :0 :0 Sat May 4 16:35 - crash (00:00)
(unknown :0 :0 Sat May 4 16:28 - crash (00:00)
(unknown :0 :0 Sun Apr 28 13:25 - crash (00:00)
(unknown :0 :0 Mon Apr 22 17:33 - 17:34 (00:00)
(unknown :0 :0 Mon Apr 22 17:15 - 17:16 (00:00)
(unknown :0 :0 Wed Apr 17 18:06 - 18:10 (00:03)
(unknown :0 :0 Wed Apr 17 17:27 - 17:28 (00:00)
(unknown :0 :0 Tue Apr 9 10:40 - 10:49 (00:09)
(unknown :0 :0 Tue Apr 9 10:14 - 10:14 (00:00)
(unknown :0 :0 Tue Apr 9 10:10 - down (00:02)
(unknown :0 :0 Tue Apr 9 08:40 - 08:43 (00:02)
(unknown :0 :0 Tue Apr 2 14:17 - 14:18 (00:01)
(unknown :0 :0 Tue Apr 2 13:50 - 13:50 (00:00)
(unknown :0 :0 Tue Apr 2 13:09 - 13:09 (00:00)
(unknown :0 :0 Tue Apr 2 12:37 - 12:37 (00:00)
(unknown :0 :0 Tue Apr 2 12:17 - 12:22 (00:05)
(unknown :0 :0 Tue Apr 2 10:54 - down (00:01)
(unknown :0 :0 Tue Apr 2 10:50 - 10:50 (00:00)
(unknown :0 :0 Tue Mar 26 16:44 - 16:44 (00:00)
(unknown :0 :0 Tue Mar 26 16:35 - 16:35 (00:00)
(unknown :0 :0 Tue Mar 26 16:34 - 16:34 (00:00)
(unknown :0 :0 Tue Mar 26 16:28 - 16:28 (00:00)
(unknown :0 :0 Tue Mar 26 15:54 - down (00:32)
(unknown :0 :0 Tue Mar 5 17:35 - 17:36 (00:00)
(unknown :0 :0 Tue Mar 5 16:37 - 16:37 (00:00)
(unknown :0 :0 Sat Feb 16 12:53 - 12:53 (00:00)
(unknown :0 :0 Fri Feb 15 13:28 - 13:29 (00:00)
(unknown :0 :0 Fri Feb 15 12:47 - 12:47 (00:00)
(unknown :0 :0 Thu Feb 14 12:37 - 12:37 (00:00)
(unknown :0 :0 Thu Feb 14 12:35 - crash (00:01)
(unknown :0 :0 Mon Feb 4 12:04 - 12:05 (00:00)
(unknown :0 :0 Mon Feb 4 12:04 - down (00:00)
(unknown :0 :0 Mon Feb 4 11:27 - 11:27 (00:00)
(unknown :0 :0 Thu Jan 17 10:46 - 10:46 (00:00)
(unknown :0 :0 Tue Jan 8 17:32 - 17:32 (00:00)
(unknown :0 :0 Tue Jan 8 17:26 - 17:26 (00:00)
(unknown :0 :0 Wed Jan 2 11:14 - 11:14 (00:00)
(unknown :0 :0 Thu Dec 13 15:49 - 15:49 (00:00)
(unknown :0 :0 Tue Dec 4 16:38 - 16:39 (00:00)
(unknown :0 :0 Fri Nov 30 16:09 - 16:09 (00:00)
(unknown :0 :0 Tue Nov 27 16:37 - 16:57 (00:20)
(unknown :0 :0 Fri Nov 16 15:49 - 15:50 (00:00)
(unknown :0 :0 Tue Nov 6 15:46 - 15:47 (00:00)
(unknown :0 :0 Fri Nov 2 12:21 - 12:21 (00:00)
(unknown :0 :0 Tue Oct 16 16:46 - 16:46 (00:00)
(unknown :0 :0 Tue Oct 9 15:12 - 15:12 (00:00)
(unknown :0 :0 Sat Sep 29 16:32 - 16:32 (00:00)
(unknown :0 :0 Tue Sep 25 15:31 - 15:31 (00:00)
(unknown :0 :0 Tue Sep 18 16:09 - 16:09 (00:00)
(unknown :0 :0 Tue Sep 18 15:46 - down (00:00)
(unknown :0 :0 Tue Sep 18 15:40 - down (00:00)
(unknown :0 :0 Tue Sep 18 15:39 - down (00:00)
(unknown :0 :0 Mon Sep 10 09:44 - 09:44 (00:00)
(unknown :1 :1 Tue Sep 4 12:49 - 09:44 (5+20:54)
(unknown :0 :0 Mon Sep 3 08:59 - 08:59 (00:00)
(unknown :0 :0 Sun Sep 2 09:19 - 09:20 (00:00)
(unknown :0 :0 Sun Aug 19 09:19 - 09:19 (00:00)
(unknown :0 :0 Wed Aug 15 16:22 - 16:22 (00:00)
(unknown :0 :0 Wed Aug 15 14:39 - 14:40 (00:00)
(unknown :0 :0 Wed Aug 15 11:24 - down (00:00)
(unknown :0 :0 Wed Aug 15 10:35 - down (00:00)
(unknown :0 :0 Tue Aug 14 06:40 - 06:40 (00:00)
(unknown :0 :0 Mon Aug 13 11:27 - 11:27 (00:00)
(unknown :0 :0 Mon Aug 13 09:18 - 09:19 (00:00)
(unknown :0 :0 Sat Aug 4 09:46 - 09:48 (00:02)
(unknown :0 :0 Tue Jul 24 11:52 - 11:52 (00:00)
(unknown :0 :0 Tue Jul 24 11:03 - 11:03 (00:00)
(unknown :0 :0 Fri Jul 20 12:41 - 12:42 (00:00)
(unknown :0 :0 Fri Jul 20 12:16 - 12:16 (00:00)
(unknown :0 :0 Fri Jul 20 09:40 - 09:40 (00:00)
(unknown :0 :0 Thu Jul 12 09:22 - 09:23 (00:00)
(unknown :0 :0 Sun Jul 8 13:40 - 13:40 (00:00)
(unknown :0 :0 Sun Jul 8 12:33 - crash (00:00)
(unknown :0 :0 Sun Jul 8 11:38 - 11:38 (00:00)
(unknown :0 :0 Sun Jul 8 11:23 - 11:23 (00:00)
What is going on here? Is there an intruder?
Cheers,
Easior Lars
easior.lars@yahoo.com www.shlug.org
Ever since Fedora started using systemd, the problem still has not been fixed!
Cheers,
Easior Lars
easior.lars@yahoo.com www.shlug.org
----- Original Message -----
From: Christopher Meng cickumqt@gmail.com
To: Easior Lars easior.lars@yahoo.com; Fedora Chinese chinese@lists.fedoraproject.org
Cc:
Sent: Monday, July 1, 2013 9:09 PM
Subject: Re: [FZH] Where does the unknown user in Fedora come from?
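I have not actually looked carefully at the other logs! I found this when I went in over ssh to check the users; mainly I am worried that there is an intruder!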
Cheers,
Easior Lars
easior.lars@yahoo.com http://www.shlug.org/
________________________________
From: Christopher Meng cickumqt@gmail.com
To: Easior Lars easior.lars@yahoo.com
Cc: Fedora Chinese chinese@lists.fedoraproject.org
Sent: Tuesday, July 2, 2013 9:34 AM
Subject: Re: [FZH] Where does the unknown user in Fedora come from?
I am rather curious why your last output has such a big pile of crash entries. Is it X?
chinese@lists.fedoraproject.org