{"id":5581,"date":"2019-11-17T22:55:38","date_gmt":"2019-11-17T13:55:38","guid":{"rendered":"https:\/\/pandanote.info\/?p=5581"},"modified":"2020-12-31T18:10:10","modified_gmt":"2020-12-31T09:10:10","slug":"sshd%e3%81%ae%e3%83%9d%e3%83%bc%e3%83%88%e7%95%aa%e5%8f%b7%e3%82%92%e5%a4%89%e3%81%88%e3%82%8b%e3%81%ab%e8%87%b3%e3%82%8b%e9%81%93%e3%81%ae%e3%82%8a%e3%80%82","status":"publish","type":"post","link":"https:\/\/pandanote.info\/?p=5581","title":{"rendered":"sshd\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u5909\u3048\u308b\u306b\u81f3\u308b\u9053\u306e\u308a\u3002"},"content":{"rendered":"

\u306f\u3058\u3081\u306b<\/h2>\n

\u6700\u8fd1\u3001\u8a18\u4e8b\u3092\u66f8\u3044\u3066\u3044\u308b\u969b\u306b\u753b\u50cf\u30d5\u30a1\u30a4\u30eb\u304c\u6025\u306b\u30a2\u30c3\u30d7\u30ed\u30fc\u30c9\u3067\u304d\u306a\u304f\u306a\u308a\u3001\u539f\u56e0\u3092\u8abf\u3079\u3066\u307f\u305f\u3068\u3053\u308d\u3001\u672cWeb\u30b5\u30a4\u30c8\u306ejournal\u30ed\u30b0\u304c\u6fc0\u5897\u3057\u305f\u305b\u3044\u3067filesystem\u306e\u4f7f\u7528\u7387\u304c100%\u3068\u306a\u3063\u3066\u3044\u307e\u3057\u305f\u3002<\/p>\n

\u3068\u3044\u3046\u3053\u3068\u3067\u3001\u3044\u308d\u3044\u308d\u3068\u5bfe\u5fdc\u7b56\u3092\u691c\u8a0e&\u5b9f\u884c\u3057\u305f\u7d50\u679c\u3001sshd\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u5909\u66f4\u3059\u308b\u3053\u3068\u3068\u3057\u307e\u3057\u305f\u306e\u3067\u3001\u3053\u306e\u8a18\u4e8b\u3067\u306fsshd\u306e\u30dd\u30fc\u30c8\u756a\u53f7\u3092\u5909\u3048\u308b\u306b\u81f3\u308b\u307e\u3067\u306e\u7d4c\u7def\u306b\u3064\u3044\u3066\u66f8\u304d\u307e\u3059\u3002<\/p>\n

journal\u30ed\u30b0\u306e\u5185\u5bb9\u3092\u8abf\u3079\u3066\u307f\u305f\u3002<\/h2>\n

filesystem\u306e\u4f7f\u7528\u7387\u304c100%\u306e\u72b6\u6cc1\u304c\u7d9a\u304f\u3068\u3001\u601d\u308f\u306c\u3068\u3053\u308d\u3067\u30d5\u30a1\u30a4\u30eb\u3092\u524a\u9664\u3057\u3066\u3057\u307e\u3046(\u5b9f\u969b\u3001\u672cWeb\u30b5\u30a4\u30c8\u7528\u306b\u30ab\u30b9\u30bf\u30de\u30a4\u30ba\u3057\u305fPHP\u30d5\u30a1\u30a4\u30eb\u306e\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u6642\u306b\u3053\u306e\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u3066\u30d5\u30a1\u30a4\u30eb\u304c\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3055\u308c\u306a\u3044\u3069\u3053\u308d\u304b\u3001\u3082\u3068\u3082\u3068\u3042\u3063\u305fPHP\u30d5\u30a1\u30a4\u30eb\u3082\u524a\u9664\u3055\u308c\u3066\u3057\u307e\u3046\u3053\u3068\u304c\u3042\u308a\u307e\u3057\u305f\uff57)\u7b49\u306e\u554f\u984c\u304c\u767a\u751f\u3059\u308b\u53ef\u80fd\u6027\u304c\u3042\u308a\u307e\u3059\u306e\u3067\u3001root\u6a29\u9650\u3067\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u3066\u53e4\u3044journal\u30ed\u30b0\u3092\u524a\u9664\u3057\u3066filesystem\u306e\u30b9\u30da\u30fc\u30b9\u3092\u5c11\u3057\u89e3\u653e\u3057\u3001\u3044\u3063\u305f\u3093\u843d\u3061\u7740\u304d\u307e\u3059\u3002<\/p>\n

# journalctl --vacuum-size=10M<\/div>\n

 <\/p>\n

filesystem\u306e\u30b9\u30da\u30fc\u30b9\u304c\u3042\u3044\u3066\u843d\u3061\u7740\u3044\u305f\u3068\u3053\u308d\u3067\u3001\u4ee5\u4e0b\u306e\u30b3\u30de\u30f3\u30c9\u3092\u5b9f\u884c\u3057\u307e\u3059\u3002<\/p>\n

# journalctl | less<\/div>\n

 <\/p>\n

\u4e0a\u8a18\u306e\u30b3\u30de\u30f3\u30c9\u306e\u5b9f\u884c\u7d50\u679c\u3068\u3057\u3066\u51fa\u529b\u3055\u308c\u308bjournal\u306e\u30ed\u30b0\u3092\u3088\u30fc\u304f\u89b3\u5bdf\u3059\u308b\u3068\u2026<\/p>\n

11\u6708 16 18:14:30 pandanote.info audit[13496]: USER_LOGIN pid=13496 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="(unknown)" exe="\/usr\/sbin\/sshd" hostname=? addr=aaa.bbb.ccc.ddd terminal=ssh res=failed'<\/div>\n

 <\/p>\n

\u3063\u3066\u306a\u611f\u3058\u306e\u30ed\u30b0\u304c\u5927\u91cf\u306b\u51fa\u529b\u3055\u308c\u3066\u307e\u3057\u305f(IP\u30a2\u30c9\u30ec\u30b9\u306e\u90e8\u5206\u306f\u52a0\u5de5\u3057\u3066\u3044\u307e\u3059)\u3002<\/p>\n

\u3064\u307e\u308a\u3001<\/p>\n