试题二(共20分)
阅读下列说明,回答问题1至问题5,将解答填入答题纸的对应栏内。
【说明】
通常由于机房电磁环境复杂,运维人员很少在现场进行运维工作,在出现安全事件需要紧急处理时,需要运维人员随时随地远程开展处置工作。
SSH(安全外壳协议)是一种加密的网络传输协议,提供安全方式访问远程计算机。李工作为公司的安全运维工程师,也经常使用SSH远程登录到公司的Ubuntu18.04服务器中进行安全维护。
刷题刷出新高度,偷偷领先!偷偷领先!偷偷领先! 关注我们,悄悄成为最优秀的自己!
简答题
【问题3】(4分)
日志包含设备、系统和应用软件的各种运行信息,是安全运维的重点关注对象。李工在定期巡检服务器的SSH日志时,发现了以下可疑记录:
Jul 22 17: 17: 52 humen systed-logiad [1182] : Waching sytem buttons on/dev/input/evet0 (Power Button)
Jul 22 17: 17: 52 humen systed-logiad [1182] : Waching sytem buttons on/dev/input/evet1(AT Translated Set 2 keyboard)
Jul 23 09: 33: 41 humen sshd [5423] :pam_unix (sshd:auth) authentication failure, Iogame= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 43 humen sshd [5423] :Failed password for humen from 192.168.107.130 port 40231 ssh2
Jul 23 09: 33: 43 humen sshd [5423] :Connection closed by authenticating user humen 192.168.107.130 port 40231[preauth]
Jul 23 09: 33: 43 humen sshd [5425] :pam_unix (sshd:auth) :authentication failure; logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 45 humen sshd [5425] : Failed password for humen from 192.168.107.130 port 37223 ssh2
Jul 23 09: 33: 45 humen sshd [5425] : Connection closed by authenticating user humen192.168.107.130 port 37223 [preauth]
Jul 23 09: 33: 45 humen sshd [5427] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 47 humen sshd [5427] : Failed password for humen from 192.168.107.130 port 41365 ssh2
Jul 23 09: 33: 47 humen sshd [5427] :Connection closed by authenticating user humen 192.168.107.130 port 41365 [preauth]
Jul 23 09: 33: 47 humen sshd [5429] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 49 humen sshd [5429] : Failed password for humen from 192.168.107.130 port 45627 ssh2
Jul 23 09: 33: 49 humen sshd [5429] :Connection closed by authenticating user humen 192.168.107.130 port 45627 [preauth]
Jul 23 09: 33: 49 humen sshd [5431] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 51 humen sshd [5431] : Failed password for humen from192.168.107.130 port 42271 ssh2
Jul 23 09: 33: 51 humen sshd [5431] :Connection closed by authenticating user humen 192.168.107.130 port 42271 [preauth]
Jul 23 09: 33: 51 humen sshd [5433] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 53 humen sshd [5433] : Failed password for humen from 192.168.107.130 port 45149 ssh2
Jul 23 09: 33: 53 humen sshd [5433] :Connection closed by authenticating user humen 192.168.107.130 port 45149[preauth]
Jul 23 09: 33:54 humen sshd [5435] :Accepted password for humen from 192.168.107.130 port 45671 ssh2
Jul 23 09: 33: 54 humen sshd [5435] : pam_unix (sshd:auth) : session opened for user humen by (uid=0)
(1)请问李工打开的系统日志文件的路径和名称?
(2)李工怀疑有黑客在攻击该系统,请给出判断攻击成功与否的命令以便李工评估攻击的影响。
【问题3】(4分)
日志包含设备、系统和应用软件的各种运行信息,是安全运维的重点关注对象。李工在定期巡检服务器的SSH日志时,发现了以下可疑记录:
Jul 22 17: 17: 52 humen systed-logiad [1182] : Waching sytem buttons on/dev/input/evet0 (Power Button)
Jul 22 17: 17: 52 humen systed-logiad [1182] : Waching sytem buttons on/dev/input/evet1(AT Translated Set 2 keyboard)
Jul 23 09: 33: 41 humen sshd [5423] :pam_unix (sshd:auth) authentication failure, Iogame= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 43 humen sshd [5423] :Failed password for humen from 192.168.107.130 port 40231 ssh2
Jul 23 09: 33: 43 humen sshd [5423] :Connection closed by authenticating user humen 192.168.107.130 port 40231[preauth]
Jul 23 09: 33: 43 humen sshd [5425] :pam_unix (sshd:auth) :authentication failure; logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 45 humen sshd [5425] : Failed password for humen from 192.168.107.130 port 37223 ssh2
Jul 23 09: 33: 45 humen sshd [5425] : Connection closed by authenticating user humen192.168.107.130 port 37223 [preauth]
Jul 23 09: 33: 45 humen sshd [5427] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 47 humen sshd [5427] : Failed password for humen from 192.168.107.130 port 41365 ssh2
Jul 23 09: 33: 47 humen sshd [5427] :Connection closed by authenticating user humen 192.168.107.130 port 41365 [preauth]
Jul 23 09: 33: 47 humen sshd [5429] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 49 humen sshd [5429] : Failed password for humen from 192.168.107.130 port 45627 ssh2
Jul 23 09: 33: 49 humen sshd [5429] :Connection closed by authenticating user humen 192.168.107.130 port 45627 [preauth]
Jul 23 09: 33: 49 humen sshd [5431] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 51 humen sshd [5431] : Failed password for humen from192.168.107.130 port 42271 ssh2
Jul 23 09: 33: 51 humen sshd [5431] :Connection closed by authenticating user humen 192.168.107.130 port 42271 [preauth]
Jul 23 09: 33: 51 humen sshd [5433] : pam_unix (sshd:auth) :authentication failure;logname= uid=0 euid=0 tty=ssh ruser=rhost=192.168.107.130 user=humen
Jul 23 09: 33: 53 humen sshd [5433] : Failed password for humen from 192.168.107.130 port 45149 ssh2
Jul 23 09: 33: 53 humen sshd [5433] :Connection closed by authenticating user humen 192.168.107.130 port 45149[preauth]
Jul 23 09: 33:54 humen sshd [5435] :Accepted password for humen from 192.168.107.130 port 45671 ssh2
Jul 23 09: 33: 54 humen sshd [5435] : pam_unix (sshd:auth) : session opened for user humen by (uid=0)
(1)请问李工打开的系统日志文件的路径和名称?
(2)李工怀疑有黑客在攻击该系统,请给出判断攻击成功与否的命令以便李工评估攻击的影响。
使用微信搜索喵呜刷题,轻松应对考试!
答案:
(1)路径:/var/log。名称:/var/log/secure
(2)日志文件包含“Accepted password for humnen”的命令可以判断登录成功。
解析:
在Linux系统中,安全日志(/var/log/secure)存放了验证和授权方面的信息。SSH会将所有信息记录在这里,包括失败的登录尝试。从提供的日志中可以看到多次失败的登录尝试和一次成功的登录。成功的登录可以在日志中通过“Accepted password for humen”来判断。因此,如果李工在日志中找到了这样的记录,就可以判断攻击是成功的。
创作类型:
原创
本文链接:【问题3】(4分)日志包含设备、系统和应用软件的各种运行信息,是安全运维的重点关注对象。李工在定期巡
版权声明:本站点所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明文章出处。让学习像火箭一样快速,微信扫码,获取考试解析、体验刷题服务,开启你的学习加速器!
分享考题 
