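I tend toward paranoia, and for a while now the messages in my log files have tended to push me to the edge of sanity. Can someone explain the following from my auth.log file, which indicates that a user named dnsmasq changed their password on my computer? I realize this may be a silly question, but this kind of thing has been going on for years, and every time I see something like it I get anxious and afraid that someone is spying on me. Can anyone put my fears to rest?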
discover-healing-honey sudo: pam_unix(sudo:session): session closed for user root
May 15 16:51:20 discover-healing-honey polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session2 (system bus name :1.55 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8)
May 15 16:55:39 discover-healing-honey useradd[16831]: new user: name=dnsmasq, UID=115, GID=65534, home=/var/lib/misc, shell=/bin/false
May 15 16:55:39 discover-healing-honey usermod[16836]: change user 'dnsmasq' password
May 15 16:55:39 discover-healing-honey chage[16841]: changed password expiry for dnsmasq
May 15 16:55:39 discover-healing-honey chfn[16844]: changed user 'dnsmasq' information
May 15 16:56:02 discover-healing-honey polkit-agent-helper-1[16995]: pam_ecryptfs: pam_sm_authenticate: /home/bee-hives-rule is already mounted
May 15 16:56:02 discover-healing-honey polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session2 successfully authenticated as unix-user:bee-hives-rule to gain TEMPORARY authorization for action com.ubuntu.softwareproperties.applychanges for unix-process:7420:308018 [/usr/bin/python3 /usr/bin/software-properties-gtk] (owned by unix-user:bee-hives-rule)
May 15 16:56:41 discover-healing-honey sg[21950]: user 'root' (login '???' on pts/1) switched to group 'mlocate'
May 15 16:56:41 discover-healing-honey sg[21950]: user 'root' (login '???' on pts/1) returned to group 'root'
May 15 17:02:49 discover-healing-honey lightdm: pam_unix(lightdm-greeter:session): session opened for user lightdm by (uid=0)
May 15 17:02:49 discover-healing-honey lightdm: pam_ck_connector(lightdm-greeter:session): nox11 mode, ignoring PAM_TTY :0
May 15 17:02:53 discover-healing-honey dbus[1326]: [system] Rejected send message, 7 matched rules; type="method_return", sender=":1.19" (uid=0 pid=1713 comm="/usr/sbin/dnsmasq --no-resolv --keep-in-foreground") interface="(unset)" member="(unset)" error name="(unset)" requested_reply="0" destination=":1.6" (uid=0 pid=1546 comm="NetworkManager ")
May 15 17:02:56 discover-healing-honey lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bee-hives-rule"
May 15 17:02:56 discover-healing-honey lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "bee-hives-rule"
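There is nothing unusual there. This is a log of all authentication and authorization (two very different things) attempts.
dnsmasq is a local DNS cache.
lightdm is your "display manager"; it prompts you for a username and password (inside X) before you log in.
There is no indication of spying or keylogging, or even of remote login attempts. Basically it's a bunch of system processes running as system processes, with their authorization requests being logged.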
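The following is an added example, not part of the original question or answer: a small Python triage script that reads `useradd` lines like the one in the log above and separates service accounts (low UID, non-login shell) from accounts that could log in interactively. The `UID_MIN` value, the list of non-login shells, and the `guest2` line are assumptions made for illustration; the four `dnsmasq` lines are copied from the question.

```python
import re

UID_MIN = 1000  # assumption: Debian/Ubuntu default UID_MIN in /etc/login.defs
NOLOGIN_SHELLS = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}  # assumption

# First four lines come from the question's log; the last line is constructed
# (hypothetical user "guest2") to show the contrasting case.
SAMPLE = """\
May 15 16:55:39 discover-healing-honey useradd[16831]: new user: name=dnsmasq, UID=115, GID=65534, home=/var/lib/misc, shell=/bin/false
May 15 16:55:39 discover-healing-honey usermod[16836]: change user 'dnsmasq' password
May 15 16:55:39 discover-healing-honey chage[16841]: changed password expiry for dnsmasq
May 15 16:55:39 discover-healing-honey chfn[16844]: changed user 'dnsmasq' information
May 15 18:00:00 discover-healing-honey useradd[20001]: new user: name=guest2, UID=1001, GID=1001, home=/home/guest2, shell=/bin/bash
"""

USERADD = re.compile(
    r"useradd\[\d+\]: new user: name=(?P<name>[^,]+), UID=(?P<uid>\d+), "
    r"GID=\d+, home=(?P<home>[^,]+), shell=(?P<shell>\S*)")
SETUP = re.compile(r" (?P<tool>usermod|chage|chfn)\[\d+\]: (?P<msg>.*)")


def review_new_accounts(log_text):
    """Return {account name: details} for every account created in log_text."""
    accounts = {}
    for line in log_text.splitlines():
        m = USERADD.search(line)
        if m:
            uid = int(m["uid"])
            # An account deserves a look if it sits in the human UID range
            # or was given a shell that permits an interactive login.
            can_login = uid >= UID_MIN or m["shell"] not in NOLOGIN_SHELLS
            accounts[m["name"]] = {
                "uid": uid, "shell": m["shell"], "setup_steps": [],
                "verdict": "review" if can_login else "system account",
            }
            continue
        m = SETUP.search(line)
        if m:
            # Attach usermod/chage/chfn follow-ups to the account they mention.
            for name, info in accounts.items():
                if re.search(rf"\b{re.escape(name)}\b", m["msg"]):
                    info["setup_steps"].append(m["tool"])
    return accounts


if __name__ == "__main__":
    for name, info in review_new_accounts(SAMPLE).items():
        print(name, info)
```

To run it against a real log, pass the contents of `/var/log/auth.log` to `review_new_accounts` instead of `SAMPLE`.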