linux
Anton1863, 2021-06-24 13:32:37

How to decrypt sssd logs?

Early in the morning, an outsider entered the server under root via ssh, literally for 7 minutes. Authorization worked without brute force, as if they knew the password. I can't find any traces yet.
The only thing is that logs appeared in /var/log/sssd exactly at the time when the outsider came in. Can anyone tell me what they could do through sssd?


2 answer(s)
Vitaly Karasik, 2021-06-25
@vitaly_il1

sssd is one of the services that can be used for authorization and authentication.
I'm not sure that this will help to understand how they entered. But take a look and send them to us if you want - it's quite a text format.
What they did can be understood from /etc/passwd, etc.

CityCat4, 2021-06-25
@CityCat4

sssd is a service that allows you to perform authentication and authorization using various information sources (AD, LDAP, etc.). It is usually used to connect to a Windows domain if it is impossible to install samba or you are unwilling to.
I'm not sure if there is anything valuable in the default logs, but of course, if you want, you can post an anonymized version.
