My PC stopped logging at 06:54:07 today:
$ journalctl --verify
24af830: Invalid data object at hash entry 4203 of 233016
File corruption detected at /var/log/journal/32d0d5fb253f44a692fd0e09b4893fe2/system.journal:24af6b0 (of 41943040 bytes, 91%).
FAIL: /var/log/journal/32d0d5fb253f44a692fd0e09b4893fe2/system.journal (Bad message)
Part of the output of the command journalctl --boot=-2 -r:
Jul 17 06:44:40 asdf sshd[7661]: ^[[0;1;39mPAM 1 more authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.5.7 user=root
Jul 17 06:44:40 asdf sshd[7661]: Disconnected from 10.0.5.7 port 41364 [preauth]
Jul 17 06:44:40 asdf sshd[7661]: Received disconnect from 10.0.5.7 port 41364:11: [preauth]
Jul 17 06:44:40 asdf sshd[7661]: Failed password for root from 10.0.5.7 port 41364 ssh2
Jul 17 06:44:38 asdf sshd[7661]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 17 06:44:37 asdf sshd[7661]: Failed password for root from 10.0.5.7 port 41364 ssh2
Jul 17 06:44:36 asdf sshd[7661]: ^[[0;1;39mpam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.5.7 user=root
Jul 17 06:44:36 asdf sshd[7661]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 17 06:44:34 asdf sshd[7658]: ^[[0;1;39mPAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.5.7 user=root
Jul 17 06:44:34 asdf sshd[7658]: Disconnected from 10.0.5.7 port 33277 [preauth]
Jul 17 06:44:34 asdf sshd[7658]: Received disconnect from 10.0.5.7 port 33277:11: [preauth]
Jul 17 06:44:34 asdf sshd[7658]: Failed password for root from 10.0.5.7 port 33277 ssh2
Jul 17 06:44:32 asdf sshd[7658]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 17 06:44:32 asdf sshd[7658]: Failed password for root from 10.0.5.7 port 33277 ssh2
Jul 17 06:44:29 asdf sshd[7658]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 17 06:44:29 asdf sshd[7658]: Failed password for root from 10.0.5.7 port 33277 ssh2
Jul 17 06:44:27 asdf sshd[7658]: ^[[0;1;39mpam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.5.7 user=root
Jul 17 06:44:27 asdf sshd[7658]: pam_tally(sshd:auth): Tally overflowed for user root
Jul 17 06:44:25 asdf sshd[7656]: ^[[0;1;39mPAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.5.7 user=root
Jul 17 06:44:25 asdf sshd[7656]: Disconnected from 10.0.5.7 port 36290 [preauth]
Jul 17 06:44:25 asdf sshd[7656]: Received disconnect from 10.0.5.7 port 36290:11: [preauth]
Jul 17 06:44:25 asdf sshd[7656]: Failed password for root from 10.0.5.7 port 36290 ssh2
Jul 17 06:44:24 asdf sshd[7656]: pam_tally(sshd:auth): Tally overflowed for user root
My computer was rebooted after this.
The question is:
Is my computer compromised? If so, how do I prevent it from happening again in the future without using fail2ban / sshguard, since that IP (10.0.5.7) is used by every person who tries to connect to my computer (NAT'ed by the network administrator)?
How do I repair the log? I moved the corrupted file to another directory. How can I read the corrupted log for diagnosis?
Tags sshd journalctl
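An added triage example, not part of the original question or of any project's code: a POSIX shell script that reads sshd log lines of the kind pasted above, counts failed logins per source host and target user, and reports whether any login was actually accepted, which is the line that separates a noisy brute-force burst from a compromise. The embedded log excerpt is constructed in the same format as the post's output (the second variant adds an Accepted line that the post does not contain); the helper names are my own. The journalctl options named in the comments (-u, --file) are standard ones.

```shell
#!/bin/sh
# Added example (not from the original post): quick triage of sshd log lines.
# Where the text comes from in practice (both are standard journalctl options):
#   journalctl -u sshd --no-pager                      # the live journal
#   journalctl --file=/path/to/moved/system.journal    # the corrupted file moved aside;
#                                                      # journalctl prints what it can still
#                                                      # parse up to the damaged region
# Each helper below reads log text on stdin.

# Constructed excerpt in the same format as the post's output (no successful login).
SAMPLE_BRUTE='Jul 17 06:44:27 asdf sshd[7658]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.5.7 user=root
Jul 17 06:44:29 asdf sshd[7658]: Failed password for root from 10.0.5.7 port 33277 ssh2
Jul 17 06:44:32 asdf sshd[7658]: Failed password for root from 10.0.5.7 port 33277 ssh2
Jul 17 06:44:34 asdf sshd[7658]: Failed password for root from 10.0.5.7 port 33277 ssh2
Jul 17 06:44:34 asdf sshd[7658]: Disconnected from 10.0.5.7 port 33277 [preauth]
Jul 17 06:44:37 asdf sshd[7661]: Failed password for root from 10.0.5.7 port 41364 ssh2
Jul 17 06:44:40 asdf sshd[7661]: Failed password for root from 10.0.5.7 port 41364 ssh2
Jul 17 06:44:40 asdf sshd[7661]: Disconnected from 10.0.5.7 port 41364 [preauth]
Jul 17 06:44:45 asdf sshd[7663]: Failed password for invalid user admin from 10.0.5.7 port 41370 ssh2'

# Constructed variant in which one attempt succeeded: this is the case that matters.
SAMPLE_WITH_SUCCESS="$SAMPLE_BRUTE
Jul 17 06:44:50 asdf sshd[7665]: Accepted password for root from 10.0.5.7 port 41380 ssh2
Jul 17 06:44:50 asdf sshd[7665]: pam_unix(sshd:session): session opened for user root by (uid=0)"

# Failed logins grouped by source host and target user, most frequent first.
# Output lines look like: "      5 10.0.5.7 root"
failed_by_host() {
  grep -E 'sshd\[[0-9]+\]: Failed password for ' \
    | sed -E 's/.*Failed password for (invalid user )?([^ ]+) from ([^ ]+) port .*/\3 \2/' \
    | sort | uniq -c | sort -rn
}

# Successful authentications. A burst of failures is noise; a failure burst
# followed by an Accepted line from the same host is what needs investigation.
accepted_logins() {
  grep -E 'sshd\[[0-9]+\]: Accepted (password|publickey|keyboard-interactive/pam) for ' || true
}

# One-word verdict on the excerpt: "clean" (no accepted login recorded) or
# "review" (at least one accepted login; check who, when and from where).
verdict() {
  if [ -n "$(accepted_logins)" ]; then echo review; else echo clean; fi
}

echo "== failed logins by host/user =="
printf '%s\n' "$SAMPLE_BRUTE" | failed_by_host
echo "== verdict on the brute-force-only excerpt: $(printf '%s\n' "$SAMPLE_BRUTE" | verdict)"
echo "== verdict once an accepted login appears: $(printf '%s\n' "$SAMPLE_WITH_SUCCESS" | verdict)"
printf '%s\n' "$SAMPLE_WITH_SUCCESS" | accepted_logins
```

The verdict is only as good as what the journal captured: since the file stops at the corruption point, cross-check with last and lastb, which read wtmp and btmp and are written independently of journald. In the post's own excerpt every attempt targets root, so the one setting that removes this whole class of noise without fail2ban or sshguard is PermitRootLogin no (or prohibit-password) in sshd_config, combined with key-only authentication.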