Linux AS4.0 64bit, 日志中每一秒生成很多 su(pam_unix)...的东西，如何取消？

显示全部楼层 · 2015-3-6 11:57:31

Dec 30 23:59:54 gnd-rac01 su(pam_unix)[26443]: session closed for user oracle
Dec 30 23:59:55 gnd-rac01 su(pam_unix)[26493]: session opened for user oracle by (uid=0)
Dec 30 23:59:55 gnd-rac01 su(pam_unix)[26493]: session closed for user oracle
Dec 30 23:59:55 gnd-rac01 su(pam_unix)[26537]: session opened for user oracle by (uid=0)
Dec 30 23:59:55 gnd-rac01 su(pam_unix)[26537]: session closed for user oracle
Dec 30 23:59:56 gnd-rac01 su(pam_unix)[26587]: session opened for user oracle by (uid=0)
Dec 30 23:59:57 gnd-rac01 su(pam_unix)[26587]: session closed for user oracle
Dec 30 23:59:57 gnd-rac01 su(pam_unix)[26631]: session opened for user oracle by (uid=0)
Dec 30 23:59:57 gnd-rac01 su(pam_unix)[26631]: session closed for user oracle
Dec 30 23:59:58 gnd-rac01 su(pam_unix)[26681]: session opened for user oracle by (uid=0)
Dec 30 23:59:58 gnd-rac01 su(pam_unix)[26681]: session closed for user oracle
Dec 30 23:59:58 gnd-rac01 su(pam_unix)[26725]: session opened for user oracle by (uid=0)
Dec 30 23:59:58 gnd-rac01 su(pam_unix)[26725]: session closed for user oracle
Dec 30 23:59:59 gnd-rac01 su(pam_unix)[26775]: session opened for user oracle by (uid=0)
Dec 30 23:59:59 gnd-rac01 su(pam_unix)[26775]: session closed for user oracle
Dec 30 23:59:59 gnd-rac01 su(pam_unix)[26819]: session opened for user oracle by (uid=0)
Dec 30 23:59:59 gnd-rac01 su(pam_unix)[26819]: session closed for user oracle
Dec 31 00:00:00 gnd-rac01 su(pam_unix)[26869]: session opened for user oracle by (uid=0)
Dec 31 00:00:00 gnd-rac01 su(pam_unix)[26869]: session closed for user oracle
Dec 31 00:00:00 gnd-rac01 su(pam_unix)[26913]: session opened for user oracle by (uid=0)
Dec 31 00:00:00 gnd-rac01 su(pam_unix)[26913]: session closed for user oracle
Dec 31 00:00:01 gnd-rac01 su(pam_unix)[26963]: session opened for user oracle by (uid=0)
Dec 31 00:00:01 gnd-rac01 su(pam_unix)[26963]: session closed for user oracle
Dec 31 00:00:01 gnd-rac01 su(pam_unix)[27009]: session opened for user oracle by (uid=0)
Dec 31 00:00:01 gnd-rac01 su(pam_unix)[27009]: session closed for user oracle
Dec 31 00:00:02 gnd-rac01 su(pam_unix)[27079]: session opened for user oracle by (uid=0)
Dec 31 00:00:02 gnd-rac01 su(pam_unix)[27079]: session closed for user oracle
Dec 31 00:00:02 gnd-rac01 su(pam_unix)[27123]: session opened for user oracle by (uid=0)
Dec 31 00:00:02 gnd-rac01 su(pam_unix)[27123]: session closed for user oracle
Dec 31 00:00:03 gnd-rac01 su(pam_unix)[27185]: session opened for user oracle by (uid=0)
Dec 31 00:00:03 gnd-rac01 su(pam_unix)[27185]: session closed for user oracle
Dec 31 00:00:03 gnd-rac01 su(pam_unix)[27229]: session opened for user oracle by (uid=0)
Dec 31 00:00:03 gnd-rac01 su(pam_unix)[27229]: session closed for user oracle
Dec 31 00:00:04 gnd-rac01 su(pam_unix)[27279]: session opened for user oracle by (uid=0)
Dec 31 00:00:05 gnd-rac01 su(pam_unix)[27279]: session closed for user oracle
Dec 31 00:00:05 gnd-rac01 su(pam_unix)[27323]: session opened for user oracle by (uid=0)
Dec 31 00:00:05 gnd-rac01 su(pam_unix)[27323]: session closed for user oracle
Dec 31 00:00:06 gnd-rac01 su(pam_unix)[27373]: session opened for user oracle by (uid=0)
Dec 31 00:00:06 gnd-rac01 su(pam_unix)[27373]: session closed for user oracle
Dec 31 00:00:06 gnd-rac01 su(pam_unix)[27417]: session opened for user oracle by (uid=0)
Dec 31 00:00:06 gnd-rac01 su(pam_unix)[27417]: session closed for user oracle
Dec 31 00:00:07 gnd-rac01 su(pam_unix)[27467]: session opened for user oracle by (uid=0)
Dec 31 00:00:07 gnd-rac01 su(pam_unix)[27467]: session closed for user oracle
Dec 31 00:00:07 gnd-rac01 su(pam_unix)[27511]: session opened for user oracle by (uid=0)
Dec 31 00:00:07 gnd-rac01 su(pam_unix)[27511]: session closed for user oracle
Dec 31 00:00:08 gnd-rac01 su(pam_unix)[27561]: session opened for user oracle by (uid=0)
Dec 31 00:00:08 gnd-rac01 su(pam_unix)[27561]: session closed for user oracle
Dec 31 00:00:08 gnd-rac01 su(pam_unix)[27605]: session opened for user oracle by (uid=0)

Linux AS4.0 + Oracle10g RAC .
有设置一些crontab ，用于时间同步等。

千问 · 2015-3-6 11:57:31

千问 · 2015-3-6 11:57:31

学习中.
帮顶.

千问 · 2015-3-6 11:57:31

Try 1 :从rac2 生成 authorized_keys 传到rac1，故障依旧
Try 2:因为在root下做同样的配置能成功，怀疑是root用户下的配置干扰了oracle用户下的配置，所以将rac2 的root用户下的配置删除，重起再试，故障依旧
Try 3:通过ftp来传authorized_keys文件到rac2，不成功
Try4:修改/etc/ssh/ssh_config，故障依旧
Try5:观察/var/log/message，由于有下面的输出，以为是由于oracle的主组属于oinstall有问题。将oracle用户加到root组下,重配再试，不成功
root@rac1 $tail -f messages
Nov 27 20:27:16 rac1 sshd(pam_unix)[5766]: session closed for user oracle
Nov 27 20:28:35 rac1 sshd(pam_unix)[5787]: session opened for user oracle by (uid=0)
Nov 27 20:28:35 rac1 sshd(pam_unix)[5787]: session closed for user oracle
Try6: 观察/var/log/secure, 由于有下面的输出”Authentication refused: bad ownership or modes for directory /home/oracle” , 察看/home/oracle的主目录的属性为777, 原来是我以前ftp数据时作的修改，这是ssh不允许的，所以才报错，将其改到700后完全正常。
root@rac1 $tail secure
Nov 27 12:27:19 rac1 sshd[5786]: Failed publickey for oracle from ::ffff:192.168.0.7 port 32862 ssh2
Nov 27 12:28:35 rac1 sshd[5786]: Accepted password for oracle from ::ffff:192.168.0.7 port 32862 ssh2
Nov 27 20:28:35 rac1 sshd[5785]: Accepted password for oracle from ::ffff:192.168.0.7 port 32862 ssh2
Nov 27 20:28:41 rac1 sshd[5806]: Authentication refused: bad ownership or modes for directory /home/oracle
Nov 27 12:28:41 rac1 sshd[5807]: Failed publickey for oracle from ::ffff:192.168.0.7 port 32863 ssh2
简要总结：
1）有日志的服务排错，一定要通过检查日志来分析问题，这个概念必须形成条件反射。
2）linux下的日志文件除了message外，/var/log/secure也很重要。找了几个讲/var/log/secure的帖子。
3）SSH服务的配置成功和相关的文件和文件夹（包括用户的主目录，authorized_keys文件有很大的关系，这点一定要注意。

---------------------------/var/log下日志文件说明------------------------------------
/var/log/secure:登录到系统存取资料的记录；FTP、SSH、TELNET...
/var/log/wtmp：记录登录者讯录，二进制文件，须用last来读取内容
/var/log/messages：杂货铺
/var/log/boot.log：记录开机启动讯息，dmesg | more

千问 · 2015-3-6 11:57:31

Try6: 观察/var/log/secure, 由于有下面的输出”Authentication refused: bad ownership or modes for directory /home/oracle” , 察看/home/oracle的主目录的属性为777, 原来是我以前ftp数据时作的修改，这是ssh不允许的，所以才报错，将其改到700后完全正常。