文档介绍:下载
第11章从日志中查找蛛丝马迹
当我们第一次在我们的网关计算机上打开所有的日志时,就像是橡子时节在几棵巨大的
橡树下伴随着邻居的欢呼走进锡顶的新房子。起初,喧嚣声震耳欲聋,令人发狂。我们辛苦
地追赶作恶者并帮助保证几个开放系统的安全。许多学生拍着巴掌,一些学生拜访他们友好
的老前辈。一些公司的机器也是安全的。
*** Last two day's warning log:
Sep 6 03:09:47 named[120]: No root nameservers for class 100
Sep 5 20:34:19 named[120]: No root nameservers for class 109
*** Last two day's essful logins:
12 : 5 4 : 2 4 Fa i l e d lo g i n ajg^H^H^Hguard, CALLER=
20:50:15 Failed login guarg^Hd, CALLER=
22:45:10 Failed login gurad, CALLER=
*** FTP: passwd/group fetches:
05:26:17 ------- > RETR group^M
05:26:17 < --- 150 Opening ASCII mode data connection for group (49 bytes).
05:26:17 Sent file /etc/group
05:26:21 ------- > RETR passwd^M
05:26:21< --- 150 Opening ASCII mode data connection for passwd (629 bytes).
05:26:21Sent file /etc/passwd
***FTP: ing files for the last two days.
***FTP: directory changes last two days:
***FTP: user names last day:
:Sep 6 04:24:02 ftpd[14559]: ------- > USER ls^M
:Sep 6 04:36:48 ftpd[14624]: ------- > USER eastocke^M
:Sep 6 04:38:20 ftpd[14633]: ------- > USER eastocke^M
:Sep 6 04:39:03 ftpd[14638]: ------- > USER eastocke^M
:Sep 6 04:40:33 ftpd[14644]: ------- > USER ebzimmer^M
:Sep 6 04:41:30 ftpd[14646]: ------- > USER ******@^M
:Sep 6 04:43:08 ftpd[14651]: ------- > USER zbzimmer @ ^M
:Sep 6 05:00:41 ftpd[14773]: ------- > USER ******@^M
:Sep 5 11:43:04 ftpd[6641]: ------- > USER anynomous^M
:Sep 5 14:42:35 ftpd[8109]: ------- > USER kxa4244^M
:Sep 5 15:59:15 ftpd[8904]: ------- > USER guest^M
:Sep 5 15:59:36 ftpd[8919]: ------- > USER anonynous^M
:Sep 5 16:00:11 ftpd[8927]: ------- > USER carl^M
:Sep 5 17:51:13 ftpd[9746]: ------- > USER research.^M
***SMTP DEBUG attempts last two days
***changes to