nologin: Attempted login by UNKNOWN
Bon dia,
M'agradaria saber, si algú ho sap explicar o té referències, què és el
què fa que s'enregistrin aquestes temptatives d'inici de sessió quan
arrenca el sistema operatiu:
$ sudo journalctl -b -p err
may 24 08:54:23 system nologin[11802]: Attempted login by UNKNOWN (UID:
1) on UNKNOWN
may 24 08:54:24 system nologin[11846]: Attempted login by UNKNOWN (UID:
2) on UNKNOWN
may 24 08:54:24 system nologin[11875]: Attempted login by UNKNOWN (UID:
3) on UNKNOWN
may 24 08:54:24 system nologin[11933]: Attempted login by UNKNOWN (UID:
5) on UNKNOWN
may 24 08:54:25 system nologin[11962]: Attempted login by UNKNOWN (UID:
6) on UNKNOWN
may 24 08:54:25 system nologin[11997]: Attempted login by UNKNOWN (UID:
7) on UNKNOWN
may 24 08:54:25 system nologin[12038]: Attempted login by UNKNOWN (UID:
8) on UNKNOWN
may 24 08:54:25 system nologin[12069]: Attempted login by UNKNOWN (UID:
9) on UNKNOWN
may 24 08:54:25 system nologin[12098]: Attempted login by UNKNOWN (UID:
10) on UNKNOWN
may 24 08:54:25 system nologin[12128]: Attempted login by UNKNOWN (UID:
13) on UNKNOWN
may 24 08:54:26 system nologin[12157]: Attempted login by UNKNOWN (UID:
33) on UNKNOWN
may 24 08:54:26 system nologin[12186]: Attempted login by UNKNOWN (UID:
34) on UNKNOWN
may 24 08:54:26 system nologin[12215]: Attempted login by UNKNOWN (UID:
38) on UNKNOWN
may 24 08:54:26 system nologin[12244]: Attempted login by UNKNOWN (UID:
39) on UNKNOWN
may 24 08:54:26 system nologin[12284]: Attempted login by UNKNOWN (UID:
42) on UNKNOWN
may 24 08:54:27 system nologin[12313]: Attempted login by UNKNOWN (UID:
65534) on UNKNOWN
may 24 08:54:27 system nologin[12349]: Attempted login by UNKNOWN (UID:
998) on UNKNOWN
may 24 08:54:27 system nologin[12420]: Attempted login by UNKNOWN (UID:
997) on UNKNOWN
may 24 08:54:27 system nologin[12450]: Attempted login by UNKNOWN (UID:
100) on UNKNOWN
may 24 08:54:27 system nologin[12481]: Attempted login by UNKNOWN (UID:
101) on UNKNOWN
Justament coincideix amb els comptes d'usuari que tenen assignat
l'intèrpret «nologin», i en el mateix ordre:
$ cat /etc/passwd | cut -f 1,3,7 -d ':' | grep -e nologin
daemon:1:/usr/sbin/nologin
bin:2:/usr/sbin/nologin
sys:3:/usr/sbin/nologin
games:5:/usr/sbin/nologin
man:6:/usr/sbin/nologin
lp:7:/usr/sbin/nologin
mail:8:/usr/sbin/nologin
news:9:/usr/sbin/nologin
uucp:10:/usr/sbin/nologin
proxy:13:/usr/sbin/nologin
www-data:33:/usr/sbin/nologin
backup:34:/usr/sbin/nologin
list:38:/usr/sbin/nologin
irc:39:/usr/sbin/nologin
_apt:42:/usr/sbin/nologin
nobody:65534:/usr/sbin/nologin
systemd-network:998:/usr/sbin/nologin
systemd-timesync:997:/usr/sbin/nologin
messagebus:100:/usr/sbin/nologin
sshd:101:/usr/sbin/nologin
Gràcies.
--
Narcis Garcia
__________
I'm using this dedicated address because personal addresses aren't
masked enough at this mail public archive. Public archive administrator
should remove and omit any @, dot and mailto combinations against
automated addresses collectors.
Reply to: