Log:
Aug 23 15:03:15 localhost snmpd[1044]: Connection from UDP: [184.105.139.67]:56915->[65.255.32.25]
Aug 23 15:12:46 localhost /sbin/mingetty[5030]: tty1: invalid character 0x1b in login name
Aug 23 15:12:47 localhost init: tty (/dev/tty1) main process (5030) killed by TERM signal
Aug 23 15:12:47 localhost init: tty (/dev/tty2) main process (5032) killed by TERM signal
Aug 23 15:12:47 localhost monit[917]: Shutting down monit HTTP server
Aug 23 15:12:47 localhost monit[917]: monit HTTP server stopped
Aug 23 15:12:47 localhost monit[917]: monit daemon with pid [917] killed
Aug 23 15:12:47 localhost monit[917]: 'vm-10-111-80-31' Monit stopped
Aug 23 15:12:47 localhost snmpd[1044]: Received TERM or STOP signal... shutting down...
Aug 23 15:12:48 localhost acpid: exiting
原因:
虚拟机通过VNC连接进行非法操作。
解决办法:
从交换和防火墙的ACL控制IP访问。
修改IPtables配置规则,屏蔽端口访问。
为vnc增加访问密码。