CentOS 6,Parallels PLESK 10.4,Apache
我的一台服务器在周末沮丧得令我沮丧.在它发生的那一天和时间,我的日志错误/消息以此结束 –
在/ var /日志/安全:
Jul 29 03:53:15 u######## su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jul 29 03:53:15 u######## su: pam_unix(su-l:session): session opened for user popuser by (uid=0) Jul 29 03:53:16 u######## su: pam_unix(su-l:session): session closed for user popuser Jul 29 03:53:16 u######## su: PAM unable to dlopen(/lib64/security/pam_fprintd.so): /lib64/security/pam_fprintd.so: cannot open shared object file: No such file or directory Jul 29 03:53:16 u######## su: PAM adding faulty module: /lib64/security/pam_fprintd.so Jul 29 03:53:16 u######## su: pam_unix(su-l:session): session opened for user popuser by (uid=0) Jul 29 03:53:18 u######## su: pam_unix(su-l:session): session closed for user popuser
然后立即,
在/ var / log / messages中:
Jul 29 03:53:21 u######## kernel: imklog 4.6.2,log source = /proc/kmsg started. Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1370" x-info="http://www.rsyslog.com"] (re)start
/ var / log / messages(当天):
Jul 29 03:53:21 u######## rsyslogd: [origin software="rsyslogd" swVersion="4.6.2" x-pid="1370" x-info="http://www.rsyslog.com"] rsyslogd was HUPed,type 'restart'. Jul 29 03:53:21 u######## kernel: Kernel logging (proc) stopped.
来自/ var / log / cron
Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting awstats Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[32242]: finished awstats Jul 29 03:53:20 u######## run-parts(/etc/cron.daily)[29257]: starting logrotate
这是我在服务器关闭之前收到的最后一条消息.我用Google搜索的所有内容都让我相信为用户popuser打开的会话是一个相当常见的日志条目,不应该被视为威胁,但出于某种原因我将其解释为不太好的东西.
其他人提到PAM添加故障模块可能是一个错误?我甚至都不知道PAM是什么……
任何有关如何解释这些的见解将不胜感激.我查过了
/var/log/secure /var/log/messages /var/log/cron
我还有其他可以帮助诊断的地方吗?
非常感谢,SF.
