Jun 2 21:03:42 linuxbox sshd[6127]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Jun 2 21:03:42 linuxbox pam_winbind[6127]: request failed: No such user, PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER
Jun 2 21:03:54 linuxbox sshd(pam_unix)[6129]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ioix.live-cameras.net user=root
Jun 2 21:03:54 linuxbox sshd[6129]: pam_krb5[6129]: authentication fails for 'root' (****@*******.COM): Authentication service cannot retrieve authentication info. (Cannot resolve network address for KDC in requested realm)
Jun 2 21:03:54 linuxbox sshd[6129]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Jun 2 21:03:54 linuxbox pam_winbind[6129]: request failed: No such user, PAM error was 10, NT error was NT_STATUS_NO_SUCH_USER <---------------- Up to here it looks like the attempts failed, but from below this point it seems someone got in. I never logged in at this time.. sigh
Jun 2 21:05:01 linuxbox crond(pam_unix)[6131]: session opened for user root by (uid=0)
Jun 2 21:05:01 linuxbox crond(pam_unix)[6131]: session closed for user root
Jun 2 21:10:01 linuxbox crond(pam_unix)[6134]: session opened for user root by (uid=0)
Jun 2 21:10:01 linuxbox crond(pam_unix)[6133]: session opened for user root by (uid=0)
Jun 2 21:10:01 linuxbox crond(pam_unix)[6133]: session closed for user root
Jun 2 21:10:01 linuxbox crond(pam_unix)[6134]: session closed for user root
Jun 2 21:15:01 linuxbox crond(pam_unix)[6138]: session opened for user root by (uid=0)
Jun 2 21:15:01 linuxbox crond(pam_unix)[6138]: session closed for user root
Jun 2 21:20:01 linuxbox crond(pam_unix)[6140]: session opened for user root by (uid=0)
Jun 2 21:20:01 linuxbox crond(pam_unix)[6141]: session opened for user root by (uid=0)
Jun 2 21:20:01 linuxbox crond(pam_unix)[6140]: session closed for user root
(middle part omitted)
Jun 2 23:50:01 linuxbox crond(pam_unix)[6332]: session closed for user root
Jun 2 23:50:01 linuxbox crond(pam_unix)[6333]: session closed for user root
Jun 2 23:51:12 linuxbox gdm(pam_unix)[3459]: session opened for user root by (uid=0)
Jun 2 23:51:13 linuxbox gconfd (root-6408): starting (version 2.8.1), pid 6408 user 'root' <-------------- What is it doing here? I wonder whether settings and so on were changed in the lines below..
Jun 2 23:51:13 linuxbox gconfd (root-6408): Resolved address "xml:readonly:/etc/gconf/gconf.xml.mandatory" to a read-only configuration source at position 0
Jun 2 23:51:13 linuxbox gconfd (root-6408): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 1
Jun 2 23:51:13 linuxbox gconfd (root-6408): Resolved address "xml:readonly:/etc/gconf/gconf.xml.defaults" to a read-only configuration source at position 2
Jun 2 23:51:14 linuxbox gconfd (root-6408): Resolved address "xml:readwrite:/root/.gconf" to a writable configuration source at position 0
Jun 2 23:53:01 linuxbox crond(pam_unix)[6511]: session opened for user root by (uid=0)
Jun 2 23:53:01 linuxbox crond(pam_unix)[6511]: session closed for user root
Jun 2 23:55:01 linuxbox crond(pam_unix)[6516]: session opened for user root by (uid=0)
Jun 2 23:55:02 linuxbox crond(pam_unix)[6516]: session closed for user root
Jun 2 23:55:18 linuxbox gdm(pam_unix)[3459]: session closed for user root
Jun 2 23:55:18 linuxbox gconfd (root-6408): Exiting
Jun 2 23:55:18 linuxbox kernel: audit(1149306918.794:3): user pid=6403 uid=0 auid=4294967295 msg='avc: 1 AV entries and 1/512 buckets used, longest chain length 1
Jun 2 23:55:18 linuxbox kernel: '
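From here down, that was me logging in. It looks like someone got in and changed things... but I never logged in before that.. I'm waiting for an answer from the experts.
I haven't had time to install portsentry yet and am about to do it now, and logs like this just keep going.
Thank you.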
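An added example, not part of the original post: a small triage script that splits the `pam_unix` records from the log above into authentication failures, login sessions paired with their close, and a count of sessions opened for scheduled jobs. The function name `triage` and the `BATCH_SERVICES` set are assumptions of this example.

```python
import re

# Lines copied from the log in the post above (a subset); no new data.
SAMPLE = """\
Jun 2 21:03:54 linuxbox sshd(pam_unix)[6129]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=ioix.live-cameras.net user=root
Jun 2 21:03:54 linuxbox sshd[6129]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Jun 2 21:05:01 linuxbox crond(pam_unix)[6131]: session opened for user root by (uid=0)
Jun 2 21:05:01 linuxbox crond(pam_unix)[6131]: session closed for user root
Jun 2 23:51:12 linuxbox gdm(pam_unix)[3459]: session opened for user root by (uid=0)
Jun 2 23:53:01 linuxbox crond(pam_unix)[6511]: session opened for user root by (uid=0)
Jun 2 23:53:01 linuxbox crond(pam_unix)[6511]: session closed for user root
Jun 2 23:55:18 linuxbox gdm(pam_unix)[3459]: session closed for user root
"""

PAM_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\s([\w-]+)\(pam_unix\)\[(\d+)\]:\s(.*)$")
FAIL_RE = re.compile(r"authentication failure;.*\brhost=(\S*)(?:\s+user=(\S+))?")
OPEN_RE = re.compile(r"session opened for user (\S+)")
CLOSE_RE = re.compile(r"session closed for user (\S+)")
# Assumption: these services open PAM sessions for scheduled jobs, not for a person.
BATCH_SERVICES = {"crond", "atd"}


def triage(text):
    """Split pam_unix records into auth failures, login sessions and a batch-job count."""
    failures, logins, still_open, batch = [], [], {}, 0
    for line in text.splitlines():
        m = PAM_RE.match(line)
        if not m:
            continue  # pam_ldap, pam_krb5, gconfd and kernel lines are not pam_unix records
        ts, svc, pid, msg = m.groups()
        fail, opened = FAIL_RE.search(msg), OPEN_RE.search(msg)
        if fail:
            failures.append({"time": ts, "service": svc, "rhost": fail.group(1), "user": fail.group(2)})
        elif opened and svc in BATCH_SERVICES:
            batch += 1  # cron or at running a job as that user
        elif opened:
            # Opened by a login service (sshd, gdm, login, ...): pair it with its close.
            session = {"service": svc, "user": opened.group(1), "opened": ts, "closed": None}
            still_open[(svc, pid)] = session
            logins.append(session)
        elif CLOSE_RE.search(msg) and (svc, pid) in still_open:
            still_open.pop((svc, pid))["closed"] = ts
    return failures, logins, batch


if __name__ == "__main__":
    for group in triage(SAMPLE):
        print(group)
```

In the output, the `gdm` entry is a session opened through the GNOME display manager, while the `crond` entries are counted separately as job runs.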