Challenge 8 — Suspicious Log · Medium · 200pts

The police station's server has been compromised. Analyze the SSH access log below and identify the attacker's IP, the compromised user, and the exact time of the successful intrusion.

💡 Hint: Look for failed attempts followed by a success (Failed password → Accepted password).

Jun 12 03:14:22 srv-delegacia sshd[1234]: Failed password for invalid user admin from 185.220.101.47 port 54321 ssh2
Jun 12 03:14:23 srv-delegacia sshd[1234]: Failed password for invalid user root from 185.220.101.47 port 54322 ssh2
Jun 12 03:14:24 srv-delegacia sshd[1234]: Failed password for invalid user postgres from 185.220.101.47 port 54323 ssh2
Jun 12 03:14:25 srv-delegacia sshd[1234]: Failed password for invalid user ubuntu from 185.220.101.47 port 54324 ssh2
Jun 12 03:14:51 srv-delegacia sshd[1235]: Failed password for svc_backup from 185.220.101.47 port 54400 ssh2
Jun 12 03:14:52 srv-delegacia sshd[1235]: Failed password for svc_backup from 185.220.101.47 port 54401 ssh2
Jun 12 03:14:53 srv-delegacia sshd[1235]: Failed password for svc_backup from 185.220.101.47 port 54402 ssh2
Jun 12 03:15:01 srv-delegacia sshd[1235]: Failed password for svc_backup from 185.220.101.47 port 54403 ssh2
Jun 12 03:15:09 srv-delegacia sshd[1235]: Accepted password for svc_backup from 185.220.101.47 port 54410 ssh2
Jun 12 03:15:09 srv-delegacia sshd[1235]: pam_unix(sshd:session): session opened for user svc_backup by (uid=0)
Jun 12 03:15:12 srv-delegacia sudo[1240]: svc_backup : TTY=pts/0 ; PWD=/home/svc_backup ; USER=root ; COMMAND=/bin/bash
Jun 12 03:15:13 srv-delegacia sudo[1240]: pam_unix(sudo:session): session opened for user root by svc_backup(uid=1005)
Jun 12 03:17:44 srv-delegacia sshd[1290]: Accepted password for svc_backup from 10.0.1.15 port 22103 ssh2
Jun 12 03:22:11 srv-delegacia sshd[1310]: Disconnected from user svc_backup 185.220.101.47 port 54410

Question: What are the attacker's IP, the compromised user, and the time of the successful intrusion?
Format: FLAG{IP_usuario_HH:MM:SS}
Example: FLAG{1.2.3.4_admin_03:15:09}
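
The pattern in the hint (failed attempts followed by a success from the same source) can be turned into a small detector. The following is an added example, not part of the original challenge; the function name, the `min_failures` threshold and the sample log lines are assumptions, and the sample uses constructed hosts, users and documentation-range IPs rather than the challenge data.

```python
import re
from collections import defaultdict

# Matches sshd password-auth lines in the syslog format used by the challenge log.
AUTH_RE = re.compile(
    r"^\w{3}\s+\d+\s+(?P<time>\d{2}:\d{2}:\d{2})\s+\S+\s+sshd\[\d+\]:\s+"
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample lines (documentation-range IPs, made-up host and users).
SAMPLE_LOG = """\
Mar 03 11:02:10 host-a sshd[411]: Failed password for invalid user test from 203.0.113.9 port 40001 ssh2
Mar 03 11:02:11 host-a sshd[411]: Failed password for invalid user oracle from 203.0.113.9 port 40002 ssh2
Mar 03 11:02:15 host-a sshd[412]: Failed password for deploy from 203.0.113.9 port 40010 ssh2
Mar 03 11:02:16 host-a sshd[412]: Failed password for deploy from 203.0.113.9 port 40011 ssh2
Mar 03 11:02:30 host-a sshd[412]: Accepted password for deploy from 203.0.113.9 port 40020 ssh2
Mar 03 11:05:00 host-a sshd[430]: Accepted password for deploy from 192.0.2.15 port 50100 ssh2
Mar 03 11:06:00 host-a sshd[431]: Failed password for alice from 198.51.100.7 port 50200 ssh2
Mar 03 11:06:20 host-a sshd[431]: Accepted password for alice from 198.51.100.7 port 50201 ssh2
"""

def find_bruteforce_logins(log_text, min_failures=3):
    """Return accepted logins preceded by >= min_failures failures from the same IP."""
    failures = defaultdict(list)  # ip -> usernames that failed from this IP so far
    findings = []
    for line in log_text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue  # sudo, PAM and disconnect lines are not auth results
        ip, user = m["ip"], m["user"]
        if m["result"] == "Failed":
            failures[ip].append(user)
        elif len(failures[ip]) >= min_failures:
            findings.append({
                "ip": ip, "user": user, "time": m["time"],
                "prior_failures": len(failures[ip]),
                "users_tried": sorted(set(failures[ip])),
            })
        else:
            failures[ip].clear()  # success after few failures: likely a typo, reset

    return findings

if __name__ == "__main__":
    for finding in find_bruteforce_logins(SAMPLE_LOG):
        print(finding)
```

A login from an address with no prior failures, or with fewer failures than the threshold, is not reported, which is what separates the guessed password from an ordinary session on the same account.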