我正在查看我的服务器的validation日志,我很惊讶地看到时间被抵消了。
root@server:/home/admin# date Tue Jan 12 09:51:36 CET 2016 root@server:/home/admin# tail /var/log/auth.log Jan 12 03:10:05 server sshd[18973]: Connection closed by 222.189.40.171 [preauth] Jan 12 03:25:43 server sshd[18983]: reverse mapping checking getaddrinfo for 210.subnet222-124-218.static.astinet.telkom.net.id [222.124.218.210] failed - POSSIBLE BREAK-IN ATTEMPT! Jan 12 03:25:43 server sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.218.210 user=root Jan 12 03:25:45 server sshd[18983]: Failed password for root from 222.124.218.210 port 34563 ssh2 Jan 12 03:25:45 server sshd[18983]: Connection closed by 222.124.218.210 [preauth] Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0) Jan 12 03:42:38 server su[19013]: Successful su for root by admin Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root Jan 12 03:42:38 server
这是服务器configuration的时区:
cat /etc/timezone Europe/Berlin
也许这是有帮助的,知道服务器是一个VZ的客人。
以下是命令连续显示的内容:
$ su -c "date && tail -n 5 /var/log/auth.log" Password: Tue Jan 12 10:33:24 CET 2016 Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0) Jan 12 03:42:38 server su[19013]: Successful su for root by admin Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root Jan 12 03:42:38 server su[19013]: pam_unix(su:session): session opened for user root by admin(uid=1000)
显然这是一个知道的问题。
我通过重新启动rsyslog来解决这个问题。