auth arquivo de log mostra a hora errada?

1

Eu estava olhando para o log de autenticação do meu servidor, e fiquei surpreso ao ver que os tempos são compensados.

root@server:/home/admin# date
Tue Jan 12 09:51:36 CET 2016
root@server:/home/admin# tail /var/log/auth.log 
Jan 12 03:10:05 server sshd[18973]: Connection closed by 222.189.40.171 [preauth]
Jan 12 03:25:43 server sshd[18983]: reverse mapping checking getaddrinfo for 210.subnet222-124-218.static.astinet.telkom.net.id [222.124.218.210] failed - POSSIBLE BREAK-IN ATTEMPT!
Jan 12 03:25:43 server sshd[18983]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.124.218.210  user=root
Jan 12 03:25:45 server sshd[18983]: Failed password for root from 222.124.218.210 port 34563 ssh2
Jan 12 03:25:45 server sshd[18983]: Connection closed by 222.124.218.210 [preauth]
Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae
Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jan 12 03:42:38 server su[19013]: Successful su for root by admin
Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root
Jan 12 03:42:38 server

Este é o fuso horário que o servidor configurou:

cat /etc/timezone 
Europe/Berlin

Talvez seja útil saber que o servidor é um convidado do VZ.

Aqui está o que os comandos mostram em sequência:

$ su -c "date && tail -n 5 /var/log/auth.log"
Password: 
Tue Jan 12 10:33:24 CET 2016
Jan 12 03:41:45 server sshd[18991]: Accepted publickey for admin from 217.111.52.130 port 35090 ssh2: RSA 0b:7a:fa:16:89:a2:ad:9c:06:7f:d1:c8:91:de:23:ae
Jan 12 03:41:45 server sshd[18991]: pam_unix(sshd:session): session opened for user admin by (uid=0)
Jan 12 03:42:38 server su[19013]: Successful su for root by admin
Jan 12 03:42:38 server su[19013]: + /dev/pts/0 admin:root
Jan 12 03:42:38 server su[19013]: pam_unix(su:session): session opened for user root by admin(uid=1000)
    
por Oz123 12.01.2016 / 09:56

1 resposta

1

Aparentemente, esse é um problema conhecido.

Eu consertei isso reiniciando o rsyslog.

    
por 12.01.2016 / 11:43