[{"title": "CentOS\u90e8\u7f72kubernetes", "desc": "\u64cd\u4f5c\u7cfb\u7edf\u955c\u50cf\u7248\u672c CentOS-7-x86_64-Minimal-2009 \uff0c\u7cfb\u7edf\u9ed8\u8ba4 yum \u6e90\u3002\u4e24\u53f0\u865a\u62df\u673a\uff0cmaster:192.168.1.220, node:192.168.1.232\u3002", "content": "

#############\u4e3b\u673a\u5b89\u88c5\u64cd\u4f5c########

[root@k8s-mast-220 etcd]# yum install etcd kubernetes

\u4e00\u3001\u914d\u7f6ehosts,\u4fee\u6539/etc/hosts\u6587\u4ef6\uff0c\u5185\u5bb9\u5982\u4e0b\uff0c\u8282\u70b9\u673a\u5668\u4e5f\u8981\u4fee\u6539hosts\uff1a

[root@k8s-mast-220 etcd]# more /etc/hosts

192.168.1.220 k8s-mast-220

192.168.1.232 k8s-node-232

\u4e8c\u3001\u4fee\u6539etcd\u914d\u7f6e\u6587\u4ef6

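\u5c06\u9ed8\u8ba4\u7684http://localhost:2379 \u6539\u4e3ahttp://0.0.0.0:2379\u3002\u4e0d\u7136\u4f1a\u5bfc\u81f4etcd\u8fde\u4e0d\u4e0a kube-apiserver \u8d77\u4e0d\u6765\u3002\u6ce8\u610f\uff1a\u6539\u4e3a 0.0.0.0 \u540e etcd \u5728\u6240\u6709\u5730\u5740\u4e0a\u4f7f\u7528 HTTP\uff0c\u6ca1\u6709 TLS\uff08\u4e0b\u9762 etcd \u65e5\u5fd7\u4e5f\u6709 strongly discouraged \u63d0\u793a\uff09\uff0c\u8bf7\u7528\u9632\u706b\u5899\u7981\u6b62\u8282\u70b9\u4ee5\u5916\u7684\u673a\u5668\u8bbf\u95ee 2379\u3002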

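\u4e09\u3001\u4fee\u6539/etc/kubernetes/apiserver\u914d\u7f6e\u5185\u5bb9\u5982\u4e0b\uff08\u6ce8\u610f\uff1a--insecure-bind-address=0.0.0.0 \u548c --port=8080 \u4f1a\u5728\u6240\u6709\u5730\u5740\u4e0a\u5f00\u653e\u6ca1\u6709\u9a8c\u8bc1\u7684 API\uff0c\u4e0b\u9762\u65e5\u5fd7\u91cc\u6709 Authentication is disabled \u548c Serving insecurely on 0.0.0.0:8080\uff1b\u8bf7\u7528\u9632\u706b\u5899\u7981\u6b62\u8282\u70b9\u4ee5\u5916\u7684\u673a\u5668\u8bbf\u95ee 8080\uff09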

###

# kubernetes system config

#

# The following values are used to configure the kube-apiserver

#

# The address on the local server to listen to.

KUBE_API_ADDRESS=\"--insecure-bind-address=0.0.0.0\"


# The port on the local server to listen on.

KUBE_API_PORT=\"--port=8080\"


# Port minions listen on

KUBELET_PORT=\"--kubelet-port=10250\"


# Comma separated list of nodes in the etcd cluster

KUBE_ETCD_SERVERS=\"--etcd-servers=http://k8s-mast-220:2379\"


# Address range to use for services

KUBE_SERVICE_ADDRESSES=\"--service-cluster-ip-range=10.254.0.0/16\"


# default admission control policies

KUBE_ADMISSION_CONTROL=\"--admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota\"


# Add your own!

KUBE_API_ARGS=\"\"

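\u56db\u3001\u4fee\u6539/etc/kubernetes/config\u914d\u7f6e\u6587\u4ef6\u5185\u5bb9\u5982\u4e0b\uff08\u8fd9\u6b65\u5728\u8282\u70b9\u670d\u52a1\u5668\u4e0a\u4e5f\u8981\u4fee\u6539\uff0c\u53ef\u4ee5\u76f4\u63a5\u590d\u5236\u6587\u4ef6\u8fc7\u53bb\uff09\uff1a

\u6ce8\u610f\uff1a\u4e0b\u9762\u6587\u4ef6\u7684\u540e\u9762\u91cd\u590d\u4e86 KUBE_ETCD_SERVERS\u3001KUBE_LOGTOSTDERR\u3001KUBE_LOG_LEVEL\u3001KUBE_ALLOW_PRIV\uff0c\u91cd\u590d\u7684\u5185\u5bb9\u7528\u7684\u662f \u2013 \u4e0d\u662f --\uff0c\u542f\u52a8\u540e\u7684\u547d\u4ee4\u884c\u91cc\u662f logtostderr=true v=0 allow_privileged=false\uff0c\u524d\u9762\u6ca1\u6709 --\uff0c\u8fd9\u4e9b\u914d\u7f6e\u53ef\u80fd\u6ca1\u6709\u8d77\u4f5c\u7528\uff0c\u8bf7\u6539\u4e3a --\u3002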

###

# kubernetes system config

#

# The following values are used to configure various aspects of all

# kubernetes services, including

#

#   kube-apiserver.service

#   kube-controller-manager.service

#   kube-scheduler.service

#   kubelet.service

#   kube-proxy.service

# logging to stderr means we get it in the systemd journal

KUBE_LOGTOSTDERR=\"--logtostderr=true\"


# journal message level, 0 is debug

KUBE_LOG_LEVEL=\"--v=0\"


# Should this cluster be allowed to run privileged docker containers

KUBE_ALLOW_PRIV=\"--allow-privileged=false\"


# How the controller-manager, scheduler, and proxy find the apiserver

KUBE_MASTER=\"--master=http://k8s-mast-220:8080\"

# Comma separated list of nodes in the etcd cluster

KUBE_ETCD_SERVERS=\"\u2013etcd_servers=http://centos-mast:2379\"


# logging to stderr means we get it in the systemd journal

KUBE_LOGTOSTDERR=\u201d\u2013logtostderr=true\u201d


# journal message level, 0 is debug

KUBE_LOG_LEVEL=\"\u2013v=0\"


# Should this cluster be allowed to run privileged docker containers

KUBE_ALLOW_PRIV=\"\u2013allow_privileged=false\"


#############node\u8282\u70b9\u670d\u52a1\u5668\u5b89\u88c5\u64cd\u4f5c###############

[root@k8s-node-232 kubernetes]# yum install kubernetes

\u4e00\u3001\u4fee\u6539/etc/hosts\u6587\u4ef6\u540c\u4e0a

\u4e8c\u3001\u4fee\u6539 /etc/kubernetes/config\u914d\u7f6e\u6587\u4ef6\uff0c\u540c\u4e0a

\u4e09\u3001\u4fee\u6539 /etc/kubernetes/kubelet \u914d\u7f6e\u6587\u4ef6

###

# kubernetes kubelet (minion) config


# The address for the info server to serve on (set to 0.0.0.0 or \"\" for all interfaces)

KUBELET_ADDRESS=\"--address=0.0.0.0\"


# The port for the info server to serve on

KUBELET_PORT=\"--port=10250\"


# You may leave this blank to use the actual hostname

KUBELET_HOSTNAME=\"--hostname-override=k8s-node-232\"


# location of the api-server

KUBELET_API_SERVER=\"--api-servers=http://k8s-mast-220:8080\"


# pod infrastructure container

#KUBELET_POD_INFRA_CONTAINER=\"--pod-infra-container-image=registry.access.redhat.com/rhel7/pod-infrastructure:latest\"


# Add your own!

KUBELET_ARGS=\"\"

######\u5f00\u59cb\u542f\u52a8\u670d\u52a1\u5668###############

\u4e00\u3001\u542f\u52a8\u4e3b\u8282\u70b9

[root@k8s-mast-220 kubernetes]# for SERVICES in etcd kube-apiserver kube-controller-manager kube-scheduler; do

> systemctl restart $SERVICES

> systemctl enable $SERVICES

> systemctl status $SERVICES

> done

\u25cf etcd.service - Etcd Server

   Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 15:16:13 CST; 81ms ago

 Main PID: 12078 (etcd)

   CGroup: /system.slice/etcd.service

           \u2514\u250012078 /usr/bin/etcd --name=default --data-dir=/var/lib/etcd/default.etcd --listen-client-urls=http://0.0.0.0:2379


Jan 25 15:16:11 k8s-mast-220 etcd[12078]: enabled capabilities for version 3.3

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: 8e9e05c52164694d is starting a new election at term 6

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: 8e9e05c52164694d became candidate at term 7

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: 8e9e05c52164694d received MsgVoteResp from 8e9e05c52164694d at term 7

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: 8e9e05c52164694d became leader at term 7

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: raft.node: 8e9e05c52164694d elected leader 8e9e05c52164694d at term 7

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: published {Name:default ClientURLs:[http://0.0.0.0:2379]} to cluster cdf818194e3a8c32

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: ready to serve client requests

Jan 25 15:16:13 k8s-mast-220 systemd[1]: Started Etcd Server.

Jan 25 15:16:13 k8s-mast-220 etcd[12078]: serving insecure client requests on [::]:2379, this is strongly discouraged!

\u25cf kube-apiserver.service - Kubernetes API Server

   Loaded: loaded (/usr/lib/systemd/system/kube-apiserver.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 15:16:13 CST; 55ms ago

     Docs: https://github.com/GoogleCloudPlatform/kubernetes

 Main PID: 12127 (kube-apiserver)

   CGroup: /system.slice/kube-apiserver.service

           \u2514\u250012127 /usr/bin/kube-apiserver logtostderr=true v=0 --etcd-servers=http://k8s-mast-220:2379 --insecure-bind-address=0.0.0.0 --port=8080 --kubelet-port=10250 allow_privileg...


Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: W0125 15:16:13.341020   12127 handlers.go:50] Authentication is disabled

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: E0125 15:16:13.341194   12127 reflector.go:199] k8s.io/kubernetes/plugin/pkg/admission/resourcequota/resource_access.go:...ion refused

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: E0125 15:16:13.341249   12127 reflector.go:199] k8s.io/kubernetes/plugin/pkg/admission/serviceaccount/admission.go:119: Failed to l...

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: E0125 15:16:13.381517   12127 reflector.go:199] pkg/controller/informers/factory.go:89: Failed to list *api.LimitRange: ...ion refused

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: E0125 15:16:13.381572   12127 reflector.go:199] pkg/controller/informers/factory.go:89: Failed to list *api.Namespace: G...ion refused

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: [restful] 2022/01/25 15:16:13 log.go:30: [restful/swagger] listing is available at https://192.168.1.220:6443/swaggerapi/

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: [restful] 2022/01/25 15:16:13 log.go:30: [restful/swagger] https://192.168.1.220:6443/swaggerui/ is mapped to folder /swagger-ui/

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: I0125 15:16:13.441725   12127 serve.go:95] Serving securely on 0.0.0.0:6443

Jan 25 15:16:13 k8s-mast-220 kube-apiserver[12127]: I0125 15:16:13.441822   12127 serve.go:109] Serving insecurely on 0.0.0.0:8080

Jan 25 15:16:13 k8s-mast-220 systemd[1]: Started Kubernetes API Server.

Hint: Some lines were ellipsized, use -l to show in full.

\u25cf kube-controller-manager.service - Kubernetes Controller Manager

   Loaded: loaded (/usr/lib/systemd/system/kube-controller-manager.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 15:16:13 CST; 64ms ago

     Docs: https://github.com/GoogleCloudPlatform/kubernetes

 Main PID: 12165 (kube-controller)

   CGroup: /system.slice/kube-controller-manager.service

           \u2514\u250012165 /usr/bin/kube-controller-manager logtostderr=true v=0 --master=http://k8s-mast-220:8080


Jan 25 15:16:13 k8s-mast-220 systemd[1]: Started Kubernetes Controller Manager.

\u25cf kube-scheduler.service - Kubernetes Scheduler Plugin

   Loaded: loaded (/usr/lib/systemd/system/kube-scheduler.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 15:16:13 CST; 64ms ago

     Docs: https://github.com/GoogleCloudPlatform/kubernetes

 Main PID: 12203 (kube-scheduler)

   CGroup: /system.slice/kube-scheduler.service

           \u2514\u250012203 /usr/bin/kube-scheduler logtostderr=true v=0 --master=http://k8s-mast-220:8080


Jan 25 15:16:13 k8s-mast-220 systemd[1]: Started Kubernetes Scheduler Plugin.

[root@k8s-mast-220 kubernetes]# 

\u4e8c\u3001\u542f\u52a8node\u8282\u70b9

[root@k8s-node-232 kubernetes]# for SERVICES in kube-proxy kubelet docker; do

> systemctl restart $SERVICES

> systemctl enable $SERVICES

> systemctl status $SERVICES

> done

\u25cf kube-proxy.service - Kubernetes Kube-Proxy Server

   Loaded: loaded (/usr/lib/systemd/system/kube-proxy.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 02:17:18 EST; 74ms ago

     Docs: https://github.com/GoogleCloudPlatform/kubernetes

 Main PID: 44187 (kube-proxy)

   CGroup: /system.slice/kube-proxy.service

           \u2514\u250044187 /usr/bin/kube-proxy logtostderr=true v=0 --master=http://k8s-mast-220:8080


Jan 25 02:17:18 k8s-node-232 systemd[1]: Started Kubernetes Kube-Proxy Server.

\u25cf kubelet.service - Kubernetes Kubelet Server

   Loaded: loaded (/usr/lib/systemd/system/kubelet.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 02:17:19 EST; 91ms ago

     Docs: https://github.com/GoogleCloudPlatform/kubernetes

 Main PID: 44225 (kubelet)

   CGroup: /system.slice/kubelet.service

           \u2514\u250044225 /usr/bin/kubelet logtostderr=true v=0 --api-servers=http://k8s-mast-220:8080 --address=0.0.0.0 --port=10250 --hostname-override=k8s-node-232 allow_privileged=false


Jan 25 02:17:19 k8s-node-232 systemd[1]: Started Kubernetes Kubelet Server.

\u25cf docker.service - Docker Application Container Engine

   Loaded: loaded (/usr/lib/systemd/system/docker.service; enabled; vendor preset: disabled)

   Active: active (running) since Tue 2022-01-25 02:17:21 EST; 90ms ago

     Docs: http://docs.docker.com

 Main PID: 44335 (dockerd-current)

   CGroup: /system.slice/docker.service

           \u251c\u250044335 /usr/bin/dockerd-current --add-runtime docker-runc=/usr/libexec/docker/docker-runc-current --default-runtime=docker-runc --exec-opt native.cgroupdriver=systemd --us...

           \u2514\u250044347 /usr/bin/docker-containerd-current -l unix:///var/run/docker/libcontainerd/docker-containerd.sock --metrics-interval=0 --start-timeout 2m --state-dir /var/run/docke...


Jan 25 02:17:20 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:20.443846113-05:00\" level=info msg=\"libcontainerd: new containerd process, pid: 44347\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.502676459-05:00\" level=info msg=\"Graph migration to content-addressability took 0.00 seconds\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.503911811-05:00\" level=info msg=\"Loading containers: start.\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.510329460-05:00\" level=info msg=\"Firewalld running: false\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.570362619-05:00\" level=info msg=\"Default bridge (docker0) is assigned with an IP address 172....IP address\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.589716121-05:00\" level=info msg=\"Loading containers: done.\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.612286197-05:00\" level=info msg=\"Daemon has completed initialization\"

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.612316040-05:00\" level=info msg=\"Docker daemon\" commit=\"7d71120/1.13.1\" graphdriver=overlay2 version=1.13.1

Jan 25 02:17:21 k8s-node-232 dockerd-current[44335]: time=\"2022-01-25T02:17:21.616526404-05:00\" level=info msg=\"API listen on /var/run/docker.sock\"

Jan 25 02:17:21 k8s-node-232 systemd[1]: Started Docker Application Container Engine.

Hint: Some lines were ellipsized, use -l to show in full.

[root@k8s-node-232 kubernetes]# 

\u4e09\u3001\u6d4b\u8bd5\u9a8c\u8bc1

[root@k8s-mast-220 kubernetes]# kubectl get nodes

NAME           STATUS    AGE

k8s-node-232   Ready     28m

[root@k8s-mast-220 kubernetes]# 

"}, {"title": "firewalld\u963b\u6b62\u6076\u610f\u767b\u5f55IP\u5730\u5740", "desc": "\u7ecf\u5e38\u6709\u56fd\u5916IP\u5730\u5740\u6076\u610f\u767b\u5f55\u670d\u52a1\u5668\uff0cCentos7\u4ee5\u540e\u4f7f\u7528firewalld\u5199\u4e2a\u811a\u672c\u81ea\u52a8\u7981\u6b62\u6076\u610f\u9017\u5bc6\u7801\u7684IP\u5730\u5740\u8bbf\u95ee\u3002", "content": "

#\u901a\u8fc7\u67e5\u770bsecure \u65e5\u5fd7\uff0c\u5c06\u591a\u6b21\u8f93\u5165\u9519\u8bef\u5bc6\u7801\u767b\u5f55\u7684IP\u5730\u5740\u6dfb\u52a0\u5230\u7cfb\u7edf\u9632\u706b\u5899\u3002

\u5982\u679c/var/log/secure \u65e5\u5fd7\u6ca1\u6709\u5185\u5bb9\uff0c\u8bf7\u67e5\u770b\u4e0b\u9762\u6587\u6863\u91cd\u65b0\u5efa\u7acb

\u5220\u9664secure\u65e5\u5fd7\u91cd\u65b0\u5efa\u7acb

\n

###\u811a\u672c\u5185\u5bb9

#!/bin/sh

#auto drop ssh failed IP address

#wugk 2013-1-2

SEC_FILE=/var/log/secure

IP_ADDR=`tail -n 1000 /var/log/secure |grep \"Failed password\"| egrep -o \"([0-9]{1,3}\\.){3}[0-9]{1,3}\" | sort -nr | uniq -c |awk ' $1>=4 {print $2}'`

IPTABLE_CONF=/etc/firewalld/zones/public.xml

cat << EOF

++++++++++++++welcome to use ssh login drop failed ip+++++++++++++++++

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

++++++++++++++++------------------------------------++++++++++++++++++

EOF

#\u6253\u5370\u52a8\u6001\u6eda\u52a8\u6761\uff0c\u53c2\u7167\u8001\u7537\u5b69\u535a\u5ba2-\u6570\u7ec4\u5206\u6790\u6587\u7ae0

echo -n \"\u8bf7\u7b49\u5f855\u79d2\u540e\u5f00\u59cb\u6267\u884c\"

for i in `echo $IP_ADDR`;

do

 cat $IPTABLE_CONF |grep $i >/dev/null

 if

    [ $? -ne 0 ];then

 firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address='\"$i\"' drop'

 else

    #\u5982\u4f55\u5b58\u5728\u7684\u8bdd\uff0c\u5c31\u6253\u5370\u63d0\u793a\u4fe1\u606f\u5373\u53ef

    echo  \"This is $i is exist in iptables,please exit ......\"

fi

done

echo -n \"\u91cd\u542f\u9632\u706b\u5899\"

firewall-cmd --reload


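###\u5c06\u4e0a\u9762\u7684\u5185\u5bb9\u4fdd\u5b58\u4e3afirewalld.sh \u653e\u5230crontab\u5b9a\u65f6\u4efb\u52a1\u91cc\u6267\u884c\u5373\u53ef\uff0c\u624b\u52a8\u6267\u884c\u4e5f\u884c\uff0c\u9ed8\u8ba4\u8bfb\u53d6 /var/log/secure \u65e5\u5fd7\u7684 1000\u884c\u5185\u5bb9\uff0c\u4e5f\u53ef\u6839\u636e\u5b9e\u9645\u60c5\u51b5\u4fee\u6539\u3002\u6ce8\u610f\uff1a\u811a\u672c\u4f1a\u8bfb\u53d6 Failed password \u884c\u91cc\u7684\u6bcf\u4e2a IP \u5730\u5740\uff0c\u7528\u6237\u540d\u4e5f\u5728\u8fd9\u884c\u91cc\uff0c\u662f\u5916\u90e8\u8f93\u5165\u7684\u5185\u5bb9\uff0c\u53ef\u4ee5\u5199\u6210 IP \u5730\u5740\uff0c\u5c31\u4f1a\u628a\u4e0d\u662f\u767b\u5f55\u6765\u6e90\u7684\u5730\u5740\u52a0\u5230\u9632\u706b\u5899\u3002\u8bf7\u5148\u6392\u9664\u81ea\u5df1\u4f7f\u7528\u7684 IP\uff0c\u6216\u53ea\u8bfb\u53d6 from \u540e\u9762\u7684\u5730\u5740\u3002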

"}, {"title": "\u5220\u9664secure\u65e5\u5fd7\u91cd\u65b0\u5efa\u7acb", "desc": "secure \u65e5\u5fd7\u65f6\u95f4\u957f\u4e86\u5f88\u5927\uff0c\u53ef\u4ee5\u5220\u9664\u91cd\u5efa\uff0c\u4e5f\u53ef\u4ee5\u4f7f\u7528 echo /dev/null >> /var/log/secure \u6e05\u9664\u3002", "content": "

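#\u5220\u9664 secure \u65e5\u5fd7\uff08\u6ce8\u610f\uff1a\u524d\u9762\u8bf4\u7684 echo /dev/null >> /var/log/secure \u662f\u5728\u65e5\u5fd7\u540e\u9762\u52a0\u4e00\u884c /dev/null\uff0c\u4e0d\u4f1a\u6e05\u9664\uff0c\u6e05\u9664\u53ef\u4ee5\u7528 cat /dev/null > /var/log/secure\uff1b\u5220\u9664\u524d\u8bf7\u5148\u4fdd\u5b58\u65e5\u5fd7\uff0c\u91cc\u9762\u6709\u767b\u5f55\u5931\u8d25\u7684\u8bb0\u5f55\uff09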

[root@Docker log]# rm -rf /var/log/secure 

#\u65b0\u5efa\u65e5\u5fd7\u5e76\u91cd\u542f\u670d\u52a1

[root@Docker log]# touch /var/log/secure

[root@Docker log]# chmod 600 /var/log/secure 

[root@Docker log]# systemctl restart sshd

[root@Docker log]# systemctl restart rsyslog

#\u67e5\u770bsecure \u65e5\u5fd7

[root@Docker log]# more /var/log/secure 

Nov  3 15:29:15 Docker polkitd[756]: Unregistered Authentication Agent for unix-process:1965:146417433 (system bus name :1.93, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, l

ocale en_US.UTF-8) (disconnected from bus)

Nov  3 15:31:57 Docker sshd[1989]: Accepted password for zhoudl from 192.168.1.168 port 53959 ssh2

Nov  3 15:31:58 Docker sshd[1989]: pam_unix(sshd:session): session opened for user zhoudl by (uid=0)

Nov  3 15:32:27 Docker unix_chkpwd[2005]: password check failed for user (root)

Nov  3 15:32:27 Docker sshd[2003]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.163.248  user=root

Nov  3 15:32:27 Docker sshd[2003]: pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"

Nov  3 15:32:29 Docker sshd[2003]: Failed password for root from 142.93.163.248 port 34516 ssh2

Nov  3 15:32:29 Docker sshd[2003]: Received disconnect from 142.93.163.248 port 34516:11: Normal Shutdown, Thank you for playing [preauth]

Nov  3 15:32:29 Docker sshd[2003]: Disconnected from 142.93.163.248 port 34516 [preauth]

Nov  3 15:33:00 Docker sshd[2006]: reverse mapping checking getaddrinfo for 221-44-121-138.eagleredes.net.br [138.121.44.221] failed - POSSIBLE BREAK-IN ATTEMPT!

Nov  3 15:33:00 Docker sshd[2006]: Invalid user dimitra from 138.121.44.221 port 6599

Nov  3 15:33:00 Docker sshd[2006]: input_userauth_request: invalid user dimitra [preauth]

Nov  3 15:33:00 Docker sshd[2006]: pam_unix(sshd:auth): check pass; user unknown

Nov  3 15:33:00 Docker sshd[2006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=138.121.44.221

Nov  3 15:33:02 Docker sshd[2006]: Failed password for invalid user dimitra from 138.121.44.221 port 6599 ssh2

Nov  3 15:33:02 Docker sshd[2006]: Received disconnect from 138.121.44.221 port 6599:11: Bye Bye [preauth]

Nov  3 15:33:02 Docker sshd[2006]: Disconnected from 138.121.44.221 port 6599 [preauth]

Nov  3 15:34:42 Docker sshd[2008]: Invalid user delaine from 125.71.235.94 port 44300

Nov  3 15:34:42 Docker sshd[2008]: input_userauth_request: invalid user delaine [preauth]

Nov  3 15:34:42 Docker sshd[2008]: pam_unix(sshd:auth): check pass; user unknown

Nov  3 15:34:42 Docker sshd[2008]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.71.235.94

Nov  3 15:34:44 Docker sshd[2008]: Failed password for invalid user delaine from 125.71.235.94 port 44300 ssh2

Nov  3 15:34:44 Docker sshd[2008]: Received disconnect from 125.71.235.94 port 44300:11: Bye Bye [preauth]

Nov  3 15:34:44 Docker sshd[2008]: Disconnected from 125.71.235.94 port 44300 [preauth]

Nov  3 15:41:32 Docker sshd[2014]: Invalid user hxl from 180.101.224.36 port 4725

Nov  3 15:41:32 Docker sshd[2014]: input_userauth_request: invalid user hxl [preauth]

Nov  3 15:41:32 Docker sshd[2014]: pam_unix(sshd:auth): check pass; user unknown

Nov  3 15:41:32 Docker sshd[2014]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.101.224.36

Nov  3 15:41:34 Docker sshd[2014]: Failed password for invalid user hxl from 180.101.224.36 port 4725 ssh2

Nov  3 15:41:34 Docker sshd[2014]: Received disconnect from 180.101.224.36 port 4725:11: Bye Bye [preauth]

Nov  3 15:41:34 Docker sshd[2014]: Disconnected from 180.101.224.36 port 4725 [preauth]

Nov  3 15:42:17 Docker unix_chkpwd[2018]: password check failed for user (root)

Nov  3 15:42:17 Docker sshd[2016]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.163.248  user=root

Nov  3 15:42:17 Docker sshd[2016]: pam_succeed_if(sshd:auth): requirement \"uid >= 1000\" not met by user \"root\"

Nov  3 15:42:19 Docker sshd[2016]: Failed password for root from 142.93.163.248 port 45758 ssh2

Nov  3 15:42:19 Docker sshd[2016]: Received disconnect from 142.93.163.248 port 45758:11: Normal Shutdown, Thank you for playing [preauth]

Nov  3 15:42:19 Docker sshd[2016]: Disconnected from 142.93.163.248 port 45758 [preauth]

Nov  3 15:44:36 Docker sshd[2019]: Connection closed by 138.121.44.221 port 37692 [preauth]

Nov  3 15:46:46 Docker sshd[2022]: Invalid user ioannis from 125.71.235.94 port 43080

Nov  3 15:46:46 Docker sshd[2022]: input_userauth_request: invalid user ioannis [preauth]

Nov  3 15:46:46 Docker sshd[2022]: pam_unix(sshd:auth): check pass; user unknown

Nov  3 15:46:46 Docker sshd[2022]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.71.235.94

Nov  3 15:46:48 Docker sshd[2022]: Failed password for invalid user ioannis from 125.71.235.94 port 43080 ssh2

Nov  3 15:46:48 Docker sshd[2022]: Received disconnect from 125.71.235.94 port 43080:11: Bye Bye [preauth]

Nov  3 15:46:48 Docker sshd[2022]: Disconnected from 125.71.235.94 port 43080 [preauth]




"}, {"title": "btmp\u548cwtmp", "desc": "\u8fd9\u4e24\u4e2a\u6587\u4ef6\u90fd\u4f4d\u4e8e/var/log\u4e0b\u9762\uff0cwtmp\u8bb0\u5f55\u7684\u662f\u767b\u5f55\u7684\u4fe1\u606f\uff0cbtmp\u8bb0\u5f55\u7684\u662f\u767b\u5f55\u5931\u8d25\u4fe1\u606f\u3002\u6700\u8fd1\u8001\u662f\u6709\u654c\u5bf9\u52bf\u529b\u66b4\u529b\u7834\u89e3\u5bfc\u81f4btmp\uff0c\u6587\u4ef6\u731b\u589e\uff0c\u7531\u4e8e\u670d\u52a1\u5668\u8d44\u6e90\u6709\u9650\uff0c\u5220\u9664btmp\u91cd\u5efa\u4e86\u3002", "content": "

1.\u5220\u9664\u4e4b\u524d\u5148\u7528lastb \u547d\u4ee4\u67e5\u770b\u4e0b\u6076\u610f\u767b\u5f55\u7684\u5883\u5916IP\uff0c\u7528\u9632\u706b\u5899\u628aIP\u7981\u6b62\u4e86\u3002

[root@Docker log]#  lastb

[root@Docker log]#  firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=\"161.97.86.26\" drop'

[root@Docker log]#  firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=\"188.166.72.50\" drop'

[root@Docker log]#  firewall-cmd --reload

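2.\u5220\u9664\u91cd\u65b0\u5efa\uff08\u5220\u9664\u524d\u8bf7\u5148\u4fdd\u5b58 btmp\uff0c\u91cc\u9762\u662f\u767b\u5f55\u5931\u8d25\u7684\u8bb0\u5f55\uff0c\u5220\u9664\u540e\u5c31\u67e5\u4e0d\u5230\u4e86\uff09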

[root@Docker log]# rm -rf /var/log/btmp

[root@Docker log]# touch /var/log/btmp

[root@Docker log]# chown root:utmp /var/log/btmp

[root@Docker log]# chmod 0600 /var/log/btmp

[root@Docker log]# lastb


btmp begins Wed Jul 28 09:26:19 2021

3.\u5220\u9664\u540e\u7684\u62a5\u9519\u63d0\u793a

last: /var/log/wtmp: No such file or directory

Perhaps this file was removed by the operator to prevent logging last info.


lastb: /var/log/btmp: No such file or directory

Perhaps this file was removed by the operator to prevent logging lastb info.

"}, {"title": "\u534e\u4e3a\u8363\u8000magicbook pro20\u724816.1\u5bf8\u62c6\u673a\u6362\u5c4f", "desc": "\u8fd9\u6b21\u6362\u5c4f\uff0c\u7f51\u4e0a\u641c\u4e86\u597d\u591a\u8d44\u6599\u90fd\u662f19\u724814\u82f1\u5bf8\u7684\u62c6\u673a\u56fe\u7247\uff0c\u6211\u8fd9\u6b3e\u662f\u534e\u4e3a\u8363\u8000magicbook pro20\u724816.1\u5bf8\u65e0\u8fb9\u6846\u7684\u5e9f\u4e86\u8001\u5927\u52b2\u624d\u641e\u5b9a\uff0c\u7559\u56fe\u5e2e\u52a9\u5176\u5b83\u6362\u5c4f\u7684\u5c0f\u4f19\u4f34\u3002", "content": "

1.\u5c4f\u5df2\u788e\u3002\u539f\u56e0\u4e0d\u8bf4\u4e86\uff0c\u75c7\u72b6\u5c31\u662f\u8fd9\u4e48\u4e2a\u60c5\u51b5

2.\u62c6\u540e\u76d6\uff0c\u628a\u7535\u6c60\u7ebf\u6263\u4e0b\u6765\uff0c\u9632\u6b62\u5c4f\u70e7\u574f
3.\u7528\u5439\u98ce\u673a\u628a\u5c4f\u4e00\u5468\u5439\u5439\uff0c\u7136\u540e\u7528\u64ac\u68d2\u62c6\u673a\u5361\uff0c\u628a\u8fb9\u6846\u62c6\u6389\u3002
4.\u6dd8\u5b9d\u5546\u5bb6\u8bf4\u5c4f\u4e0b\u9762\u6709\u9ed1\u8272\u80f6\u5934\u628a\u6263\u51fa\u6765\uff0c\u5c4f\u53d6\u4e0b\u6765\uff0c\u6211\u8fd9\u8fb9\u6ca1\u627e\u4e86\u534a\u5929\u6ca1\u627e\u5230\uff0c\u56e0\u4e3a\u8001\u5c4f\u662f\u574f\u7684\u76f4\u63a5\u7528\u64ac\u68d2\u914d\u5408\u62c6\u673a\u5361\u5f3a\u884c\u62c6\u4e0b\u7684\uff0c\u62c6\u4e0b\u5982\u56fe\u4e5f\u6ca1\u53d1\u73b0\u53ef\u4ee5\u62c9\u7684\u62c9\u529b\u80f6\u3002
5.\u6ce8\u610f\u6392\u7ebf\u5f88\u77ed\uff0c\u8bd5\u7740\u5f80\u5916\u62c9\uff0c\u62c9\u4e0d\u52a8\uff0c\u8fd9\u91cc\u4e0a\u65b0\u5c4f\u5c31\u770b\u81ea\u5df1\u624b\u5de5\u80fd\u529b\u4e86\uff0c\u6211\u88c5\u4e86\u4e09\u6b21\u624d\u70b9\u4eae