??????????????????????????????????????????????????? Linux ??????ó????С?????????????е?????????????????????????????????????????η?????????????ν???????????м??????????????????????

?????????????
??????????????????????????????????????м?????????????????????????????????????????????Ч????????????????????????????????????? SSH ??????????? su ??????????????????з?????????Щ?????????????饗PAM???????????????????л????? Failed password ?? user unknown ???????????????????????????????? Accepted password ?? session opened ?????????????
????????????:
    pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.2.2
    Failed password for invalid user hoover from 10.0.2.2 port 4791 ssh2
    pam_unix(sshd:auth): check pass; user unknown
    PAM service(sshd) ignoring max retries; 6 > 3
??????????????
    Accepted password for hoover from 10.0.2.2 port 4792 ssh2
    pam_unix(sshd:session): session opened for user hoover by (uid=0)
    pam_unix(sshd:session): session closed for user hoover
???????????? grep ????????Щ?????????????????Щ?????????????????????????????????????????? ubuntu ??????????
    $ grep "invalid user" /var/log/auth.log | cut -d ' ' -f 10 | sort | uniq -c | sort -nr
    23 oracle
    18 postgres
    17 nagios
    10 zabbix
    6 test
??????????б??????????????????????ó?????????ò??????????????????????????????????????????Ч?????????????????????????????
???????????????????????????????? Linux ?????????????????????????????????????????????????????????????????У?????????????root ???????? 2700 ???????????????????????? root ???????????????

????????????????????????????????????????????????????????????????????????????????????λ????Σ??????????????????????????????????????????м???????????????????????????????????????????????????????????????????????3??12????????????? Nagios ????Ρ?????????????????????????

????????????
??????????????????????????????????崻??????????????????????????????