/var/log/secure
记录用户的登录情况
这里查看文件之前,先登录一下,然后分别输入错的用户和密码再查看一下登录信息
[root@shell ~ 3]# tail -n 10 /var/log/secure
#第一行,用户未知,当时随便输的,第二行用户输入的das,我没用创建这个用户所以无效
Aug 2 06:37:33 shell sshd[3220]: pam_unix(sshd:auth): check pass; user unknown
Aug 2 06:37:36 shell sshd[3220]: Failed password for invalid user das from 192.168.100.1 port 8613 ssh2
Aug 2 06:37:41 shell sshd[3220]: Disconnecting: Change of username or service not allowed: (das ,ssh-connection) -> (root,ssh-connection) [preauth]
Aug 2 06:37:41 shell sshd[3220]: PAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.100.1
#这里root密码输入的错误的,所以密码提示密码检查失败
Aug 2 06:37:44 shell unix_chkpwd[3224]: password check failed for user (root)
Aug 2 06:37:44 shell sshd[3222]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.100.1 user=root
Aug 2 06:37:44 shell sshd[3222]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
#这一行是root用户登录,然后输入错误的密码提示这个,root密码失败
Aug 2 06:37:46 shell sshd[3222]: Failed password for root from 192.168.100.1 port 8643 ssh2
#最后一行就是成功登录了
Aug 2 06:37:48 shell sshd[3222]: Accepted password for root from 192.168.100.1 port 8643 ssh2
Aug 2 06:3
/var/log/messages
存放系统的日志
[root@shell ~ 5]# cat /var/log/messages
Aug 2 07:27:01 shell rsyslogd: [origin software="rsyslogd" swVersion="7.4.7" x-pid="965" x-info="http://www.rsyslog.com"] rsyslogd was HUPed