Question edit history
2
Addendum
test
CHANGED
File without changes
|
test
CHANGED
@@ -65,3 +65,85 @@
|
|
65
65
|
ssh アクセスした覚えのない時間帯に上記ログがあります。
|
66
66
|
|
67
67
|
私のパスワードと秘密鍵が漏洩したか、別のユーザが作られて、それで侵入されているのでしょうか?
|
68
|
+
|
69
|
+
|
70
|
+
|
71
|
+
#追記2 CloudWatch Agent
|
72
|
+
|
73
|
+
https://docs.aws.amazon.com/ja_jp/AmazonCloudWatch/latest/monitoring/install-CloudWatch-Agent-commandline-fleet.html
|
74
|
+
|
75
|
+
を参考に Agent 入れてみたのですけど、
|
76
|
+
|
77
|
+
```
|
78
|
+
|
79
|
+
sudo /opt/aws/amazon-cloudwatch-agent/bin/amazon-cloudwatch-agent-ctl -a fetch-config -m ec2 -c file:/opt/aws/amazon-cloudwatch-agent/etc/common-config.toml -s
|
80
|
+
|
81
|
+
```
|
82
|
+
|
83
|
+
が
|
84
|
+
|
85
|
+
```
|
86
|
+
|
87
|
+
2020/04/03 13:58:06 Reading json config file path: /opt/aws/amazon-cloudwatch-agent/etc/amazon-cloudwatch-agent.d/file_common-config.toml.tmp ...
|
88
|
+
|
89
|
+
2020/04/03 13:58:06 Invalid json format, please check. Reason: invalid character '#' looking for beginning of value
|
90
|
+
|
91
|
+
2020/04/03 13:58:06 I! AmazonCloudWatchAgent Version 1.237768.0.
|
92
|
+
|
93
|
+
2020/04/03 13:58:06 Configuration validation first phase failed. Agent version: 1.237768.0. Verify the JSON input is only using features supported by this version.
|
94
|
+
|
95
|
+
```
|
96
|
+
|
97
|
+
と表示され実行できません。
|
98
|
+
|
99
|
+
```common-config.toml
|
100
|
+
|
101
|
+
# This common-config is used to configure items used for both ssm and cloudwatch access
|
102
|
+
|
103
|
+
|
104
|
+
|
105
|
+
|
106
|
+
|
107
|
+
## Configuration for shared credential.
|
108
|
+
|
109
|
+
## Default credential strategy will be used if it is absent here:
|
110
|
+
|
111
|
+
## Instance role is used for EC2 case by default.
|
112
|
+
|
113
|
+
## AmazonCloudWatchAgent profile is used for onPremise case by default.
|
114
|
+
|
115
|
+
[credentials]
|
116
|
+
|
117
|
+
# shared_credential_profile = "{profile_name}"
|
118
|
+
|
119
|
+
shared_credential_file = "/root/.aws/credentials"
|
120
|
+
|
121
|
+
|
122
|
+
|
123
|
+
|
124
|
+
|
125
|
+
## Configuration for proxy.
|
126
|
+
|
127
|
+
## System-wide environment-variable will be read if it is absent here.
|
128
|
+
|
129
|
+
## i.e. HTTP_PROXY/http_proxy; HTTPS_PROXY/https_proxy; NO_PROXY/no_proxy
|
130
|
+
|
131
|
+
## Note: system-wide environment-variable is not accessible when using ssm run-command.
|
132
|
+
|
133
|
+
## Absent in both here and environment-variable means no proxy will be used.
|
134
|
+
|
135
|
+
# [proxy]
|
136
|
+
|
137
|
+
# http_proxy = "{http_url}"
|
138
|
+
|
139
|
+
# https_proxy = "{https_url}"
|
140
|
+
|
141
|
+
# no_proxy = "{domain}"
|
142
|
+
|
143
|
+
|
144
|
+
|
145
|
+
# [ssl]
|
146
|
+
|
147
|
+
# ca_bundle_path = "{ca_bundle_file_path}"
|
148
|
+
|
149
|
+
```
|
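Review bot: the added command hands `common-config.toml` to `fetch-config` through `-c file:`, and the pasted output shows that argument being read as JSON ("Reading json config file path", then "invalid character '#' looking for beginning of value"), so validation stops at the first `#` comment line of the TOML file. Point `-c file:` at the agent's JSON configuration file and leave `common-config.toml` at the path shown in the command. Separately, `shared_credential_file = "/root/.aws/credentials"` is set while the command runs with `-m ec2` and the file's own comment says the instance role is used for EC2 by default; on a host where the question suspects an intrusion, either explain why a root credentials file is needed instead of the instance role or drop that line.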
1
Addendum
test
CHANGED
File without changes
|
test
CHANGED
@@ -41,3 +41,27 @@
|
|
41
41
|
やり方が間違っている・足りないことなどがありましたらご教示ください。
|
42
42
|
|
43
43
|
また、別のやり方がある場合もご教示ください。
|
44
|
+
|
45
|
+
|
46
|
+
|
47
|
+
#追記 messageログ
|
48
|
+
|
49
|
+
```
|
50
|
+
|
51
|
+
Mar 31 15:01:01 linming systemd: Created slice User Slice of root.
|
52
|
+
|
53
|
+
Mar 31 15:01:01 linming systemd: Starting User Slice of root.
|
54
|
+
|
55
|
+
Mar 31 15:01:01 linming systemd: Started Session 748 of user root.
|
56
|
+
|
57
|
+
Mar 31 15:01:01 linming systemd: Starting Session 748 of user root.
|
58
|
+
|
59
|
+
Mar 31 15:01:01 linming systemd: Removed slice User Slice of root.
|
60
|
+
|
61
|
+
Mar 31 15:01:01 linming systemd: Stopping User Slice of root.
|
62
|
+
|
63
|
+
```
|
64
|
+
|
65
|
+
ssh アクセスした覚えのない時間帯に上記ログがあります。
|
66
|
+
|
67
|
+
私のパスワードと秘密鍵が漏洩したか、別のユーザが作られて、それで侵入されているのでしょうか?
|
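Review bot: the added log excerpt does not carry enough to support the SSH question that follows it, because all six lines are systemd slice and session messages for root at 15:01:01, with the user slice created and removed within the same second, and no line shows what opened Session 748. Add the sshd and cron entries for the same timestamp from the authentication and cron logs, plus the name of the log file this excerpt comes from, so a reader can tell a remote login from a locally scheduled job.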