Question edit history

2

Addendum

2020/04/03 05:23

Posted

lin.ming

Score 50

test CHANGED
File without changes
test CHANGED
@@ -65,3 +65,85 @@
65
65
  ssh アクセスした覚えのない時間帯に上記ログがあります。
66
66
 
67
67
  私のパスワードと秘密鍵が漏洩したか、別のユーザが作られて、それで侵入されているのでしょうか?
68
+
69
+
70
+
71
+ #追記2 CloudWatch Agent
72
+
73
+ https://docs.aws.amazon.com/ja_jp/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html
74
+
75
+ を参考に Agent 入れてみたのですけど、
76
+
77
+ ```
78
+
79
+ sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/common-config.toml -s
80
+
81
+ ```
82
+
83
+
84
+
85
+ ```
86
+
87
+ 2020/04/03 13:58:06 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_common-config.toml.tmp ...
88
+
89
+ 2020/04/03 13:58:06 Invalid json format, please check. Reason: invalid character '#' looking for beginning of value
90
+
91
+ 2020/04/03 13:58:06 I! AmazonCloudWatchAgent Version 1.237768.0.
92
+
93
+ 2020/04/03 13:58:06 Configuration validation first phase failed. Agent version: 1.237768.0. Verify the JSON input is only using features supported by this version.
94
+
95
+ ```
96
+
97
+ と表示され実行できません。
98
+
99
+ ```common-config.toml
100
+
101
+ # This common-config is used to configure items used for both ssm and cloudwatch access
102
+
103
+
104
+
105
+
106
+
107
+ ## Configuration for shared credential.
108
+
109
+ ## Default credential strategy will be used if it is absent here:
110
+
111
+ ## Instance role is used for EC2 case by default.
112
+
113
+ ## AmazonCloudWatchAgent profile is used for onPremise case by default.
114
+
115
+ [credentials]
116
+
117
+ # shared_credential_profile = "{profile_name}"
118
+
119
+ shared_credential_file = "/root/.aws/credentials"
120
+
121
+
122
+
123
+
124
+
125
+ ## Configuration for proxy.
126
+
127
+ ## System-wide environment-variable will be read if it is absent here.
128
+
129
+ ## i.e. HTTP_PROXY/http_proxy; HTTPS_PROXY/https_proxy; NO_PROXY/no_proxy
130
+
131
+ ## Note: system-wide environment-variable is not accessible when using ssm run-command.
132
+
133
+ ## Absent in both here and environment-variable means no proxy will be used.
134
+
135
+ # [proxy]
136
+
137
+ # http_proxy = "{http_url}"
138
+
139
+ # https_proxy = "{https_url}"
140
+
141
+ # no_proxy = "{domain}"
142
+
143
+
144
+
145
+ # [ssl]
146
+
147
+ # ca_bundle_path = "{ca_bundle_file_path}"
148
+
149
+ ```
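Review bot: in the added `amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:.../common-config.toml -s` command, `-c` is given the TOML common-config, but the output that follows says `Reading json config file path` and stops at `invalid character '#' looking for beginning of value`, which is the first `#` comment line of that file being parsed as JSON. Point `-c file:` at the agent's JSON configuration file instead, and leave common-config.toml where it is as the shared credential/proxy settings its own first comment describes. Separately, the uncommented `shared_credential_file = "/root/.aws/credentials"` overrides the default stated a few lines above it (`Instance role is used for EC2 case by default`); with `-m ec2`, on a host whose integrity is already in question, keeping that line commented out and relying on the instance role avoids leaving access keys on disk under /root.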

1

Addendum

2020/04/03 05:23

Posted

lin.ming

Score 50

test CHANGED
File without changes
test CHANGED
@@ -41,3 +41,27 @@
41
41
  やり方が間違っている・足りないことなどがありましたらご教示ください。
42
42
 
43
43
  また、別のやり方がある場合もご教示ください。
44
+
45
+
46
+
47
+ #追記 messageログ
48
+
49
+ ```
50
+
51
+ Mar 31 15:01:01 linming systemd: Created slice User Slice of root.
52
+
53
+ Mar 31 15:01:01 linming systemd: Starting User Slice of root.
54
+
55
+ Mar 31 15:01:01 linming systemd: Started Session 748 of user root.
56
+
57
+ Mar 31 15:01:01 linming systemd: Starting Session 748 of user root.
58
+
59
+ Mar 31 15:01:01 linming systemd: Removed slice User Slice of root.
60
+
61
+ Mar 31 15:01:01 linming systemd: Stopping User Slice of root.
62
+
63
+ ```
64
+
65
+ ssh アクセスした覚えのない時間帯に上記ログがあります。
66
+
67
+ 私のパスワードと秘密鍵が漏洩したか、別のユーザが作られて、それで侵入されているのでしょうか?
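Review bot: the added messages excerpt does not by itself support the SSH-intrusion question that follows it, because all six lines are systemd slice/session entries for root stamped `Mar 31 15:01:01` and none of them is an sshd entry or names a source address. A root session that is created and removed within the same second at one minute past the hour is the pattern a scheduled cron job produces, so the addendum should also quote the authentication log (for example /var/log/secure, looking for sshd `Accepted` lines) and the cron log for the same timestamp, plus the output of `last` for that period. The question about another user having been created would likewise need evidence such as recent changes to /etc/passwd and the authorized_keys files, which the excerpt does not include.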