1. 檢視近期成功的密碼登入:
grep "password" /var/log/auth.log | grep -v failed | grep -v invalidawk 'else}}end}' /var/log/auth.log | sort -k2 -rnawk 'else}}end}' /var/log/auth.log | sort -k2 -rngrep "accepted password for" /var/log/securegrep "failed password" /var/log/secure | awk 'else}end' | sort -k 2 -nr | headgrep "failed password" /var/log/secure | awk 'else}end' | sort -k 1 -n | head伺服器被入侵檢查步驟
伺服器被入侵檢查步驟 檢視 etc passwd和 etc shadow檔案是否有可疑賬號 查詢伺服器登入日誌記錄 核心啟動日誌 var log dmesg 系統報錯日誌 var log messages 郵件系統日誌 var log maillog ftp系統日誌 var log xferlog ...
檢查郵件伺服器是否有效
檢查郵件伺服器是否有效 private function getmailserver byval sdomain as string as string dim info as new processstartinfo dim ns as process 呼叫windows的nslookup命令,查...
檢查sql server所在伺服器是否改過名
use master select srvid,srvname,datasource from sysservers 如果沒有srvid 0或者srvid 0 也就是本機器 但srvname和datasource不一樣,需要按如下方法修改 use master go 設定兩個變數 declare s...