Lately I often see these messages showing up in /var/log/message on my host.....
Jul 7 01:42:35 test named[614]: lame server resolving 'mail.intellect.com.tw' (in 'intellect.com.TW'?): 211.75.227.46#53
Jul 7 02:05:46 test sshd(pam_unix)[6654]: session closed for user root
Jul 7 06:03:45 test named[614]: lame server resolving '5.32.229.195.in-addr.arpa' (in '32.229.195.in-addr.arpa'?): 194.170.1.7#53
Jul 7 06:03:57 test last message repeated 3 times
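I don't really understand: why would random people be coming to my host to update NS records?
---------- Crisis divider line ------------
Also, another kind of message shows up in /var/log/secure: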
Jul 7 10:13:56 test xinetd[641]: START: imap pid=9772 from=127.0.0.1
Jul 7 10:13:57 test xinetd[641]: EXIT: imap pid=9772 duration=1(sec)
Jul 7 10:17:27 test xinetd[641]: START: imap pid=9788 from=127.0.0.1
Jul 7 10:17:28 test xinetd[641]: EXIT: imap pid=9788 duration=1(sec)
Jul 7 10:19:46 test xinetd[641]: START: imap pid=9793 from=127.0.0.1
Jul 7 10:19:46 test xinetd[641]: EXIT: imap pid=9793 duration=0(sec)
Jul 7 10:19:51 test xinetd[641]: START: imap pid=9794 from=127.0.0.1
Jul 7 10:19:51 test xinetd[641]: EXIT: imap pid=9794 duration=0(sec)
Jul 7 10:19:56 test xinetd[641]: START: imap pid=9795 from=127.0.0.1
Jul 7 10:19:57 test xinetd[641]: EXIT: imap pid=9795 duration=1(sec)
Jul 7 10:19:59 test xinetd[641]: START: imap pid=9796 from=127.0.0.1
Jul 7 10:20:01 test xinetd[641]: EXIT: imap pid=9796 duration=2(sec)
Jul 7 10:20:11 test xinetd[641]: START: imap pid=9806 from=127.0.0.1
Jul 7 10:20:11 test xinetd[641]: EXIT: imap pid=9806 duration=0(sec)
Jul 7 10:21:00 test xinetd[641]: START: imap pid=9809 from=127.0.0.1
Jul 7 10:21:01 test xinetd[641]: EXIT: imap pid=9809 duration=1(sec)
Jul 7 10:21:12 test xinetd[641]: START: imap pid=9810 from=127.0.0.1
Jul 7 10:21:12 test xinetd[641]: EXIT: imap pid=9810 duration=0(sec)
Jul 7 10:21:13 test xinetd[641]: START: imap pid=9811 from=127.0.0.1
Jul 7 10:21:14 test xinetd[641]: EXIT: imap pid=9811 duration=1(sec)
Jul 7 10:21:21 test xinetd[641]: START: imap pid=9812 from=127.0.0.1
Jul 7 10:21:21 test xinetd[641]: EXIT: imap pid=9812 duration=0(sec)
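Please note, my imap keeps connecting with 127.0.0.1, and smtp does the same. Is something wrong? When I checked the log files before, there were never continuous and complete self-connections like this. Is something going on? I would appreciate any pointers. Many thanks!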
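
One way to tally the xinetd START/EXIT entries quoted in the post by service and source address, as an added example that is not part of the original post. The function names and the sample are assumptions made here; the 192.0.2.10 and smtp lines are constructed for contrast.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the /var/log/secure lines quoted above;
# the 192.0.2.10 and smtp entries are invented (documentation address range).
SAMPLE = """\
Jul 7 10:13:56 test xinetd[641]: START: imap pid=9772 from=127.0.0.1
Jul 7 10:13:57 test xinetd[641]: EXIT: imap pid=9772 duration=1(sec)
Jul 7 10:19:59 test xinetd[641]: START: imap pid=9796 from=127.0.0.1
Jul 7 10:20:01 test xinetd[641]: EXIT: imap pid=9796 duration=2(sec)
Jul 7 10:20:05 test xinetd[641]: START: imap pid=9801 from=192.0.2.10
Jul 7 10:20:11 test xinetd[641]: START: smtp pid=9806 from=127.0.0.1
""".splitlines()

START = re.compile(r"xinetd\[\d+\]: START: (\S+) pid=(\d+) from=(\S+)")
EXIT = re.compile(r"xinetd\[\d+\]: EXIT: (\S+) pid=(\d+) duration=(\d+)\(sec\)")


def summarize_xinetd(lines):
    """Return {(service, source): {"sessions", "seconds", "open"}}."""
    stats = defaultdict(lambda: {"sessions": 0, "seconds": 0, "open": 0})
    pending = {}  # (service, pid) -> source, until the matching EXIT appears
    for line in lines:
        m = START.search(line)
        if m:
            service, pid, source = m.groups()
            pending[(service, pid)] = source
            stats[(service, source)]["sessions"] += 1
            stats[(service, source)]["open"] += 1
            continue
        m = EXIT.search(line)
        if m:
            service, pid, seconds = m.groups()
            source = pending.pop((service, pid), None)
            if source is None:
                continue  # EXIT whose START lies outside the lines given
            stats[(service, source)]["seconds"] += int(seconds)
            stats[(service, source)]["open"] -= 1
    return dict(stats)


def non_loopback(stats):
    """Source addresses that are not loopback, i.e. not the host itself."""
    sources = {src for (_, src) in stats}
    return sorted(s for s in sources if not ipaddress.ip_address(s).is_loopback)


if __name__ == "__main__":
    for key, s in sorted(summarize_xinetd(SAMPLE).items()):
        print(key, s)
```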