
adrianTNT's questions

adrianTNT
Asked: 2023-01-31 18:01:32 +0800 CST

PHP exec(iptables --help) works but exec(iptables --command) does not

  • 5

On PHP 7.3.33 and Apache 2.4 I want to run iptables from PHP (web server environment) to block/unblock IPs. From the command line, this works fine:

/usr/sbin/iptables --insert INPUT --source example.com --jump DROP

But if I try it from PHP with this code:

exec('/usr/sbin/iptables --insert INPUT --source example.com --jump DROP', $return);
print_r($return);

I get a blank result and the iptables rule is not added:

Array
(
)

However, the iptables path seems correct and iptables runs, because the --help command returns content, so why does the command above not work?

exec('/usr/sbin/iptables --help', $return);
print_r($return);
Array
(
    [0] => iptables v1.8.4
    [1] => 
    [2] => Usage: iptables -[ACD] chain rule-specification [options]
    [3] =>  iptables -I chain [rulenum] rule-specification [options]
    [4] =>  iptables -R chain rulenum rule-specification [options]
    [5] =>  iptables -D chain rulenum [options]
    [6] =>  iptables -[LS] [chain [rulenum]] [options]
    [7] =>  iptables -[FZ] [chain] [options]
    [8] =>  iptables -[NX] chain
    [9] =>  iptables -E old-chain-name new-chain-name
    [10] =>     iptables -P chain target [options]
    [11] =>     iptables -h (print this help information)
    [12] => 
    [13] => Commands:
    [14] => Either long or short options are allowed.
    [15] =>   --append  -A chain        Append to chain
    [16] =>   --check   -C chain        Check for the existence of a rule
    [17] =>   --delete  -D chain        Delete matching rule from chain
    [18] =>   --delete  -D chain rulenum
    [19] =>                 Delete rule rulenum (1 = first) from chain
    [20] =>   --insert  -I chain [rulenum]
    [21] =>                 Insert in chain as rulenum (default 1=first)
    [22] =>   --replace -R chain rulenum
    [23] =>                 Replace rule rulenum (1 = first) in chain
    [24] =>   --list    -L [chain [rulenum]]
    [25] =>                 List the rules in a chain or all chains
    [26] =>   --list-rules -S [chain [rulenum]]
    [27] =>                 Print the rules in a chain or all chains
    [28] =>   --flush   -F [chain]      Delete all rules in  chain or all chains
    [29] =>   --zero    -Z [chain [rulenum]]
    [30] =>                 Zero counters in chain or all chains
    [31] =>   --new     -N chain        Create a new user-defined chain
    [32] =>   --delete-chain
    [33] =>          -X [chain]     Delete a user-defined chain
    [34] =>   --policy  -P chain target
    [35] =>                 Change policy on chain to target
    [36] =>   --rename-chain
    [37] =>          -E old-chain new-chain
    [38] =>                 Change chain name, (moving any references)
    [39] => Options:
    [40] =>     --ipv4  -4      Nothing (line is ignored by ip6tables-restore)
    [41] =>     --ipv6  -6      Error (line is ignored by iptables-restore)
    [42] => [!] --proto -p proto    protocol: by number or name, eg. `tcp'
    [43] => [!] --source    -s address[/mask][...]
    [44] =>                 source specification
    [45] => [!] --destination -d address[/mask][...]
    [46] =>                 destination specification
    [47] => [!] --in-interface -i input name[+]
    [48] =>                 network interface name ([+] for wildcard)
    [49] =>  --jump -j target
    [50] =>                 target for rule (may load target extension)
    [51] =>   --goto      -g chain
    [52] =>                    jump to chain with no return
    [53] =>   --match   -m match
    [54] =>                 extended match (may load extension)
    [55] =>   --numeric -n      numeric output of addresses and ports
    [56] => [!] --out-interface -o output name[+]
    [57] =>                 network interface name ([+] for wildcard)
    [58] =>   --table   -t table    table to manipulate (default: `filter')
    [59] =>   --verbose -v      verbose mode
    [60] =>   --wait    -w [seconds]    maximum wait to acquire xtables lock before give up
    [61] =>   --wait-interval -W [usecs]    wait time to try to acquire xtables lock
    [62] =>                 default is 1 second
    [63] =>   --line-numbers        print line numbers when listing
    [64] =>   --exact   -x      expand numbers (display exact values)
    [65] => [!] --fragment  -f      match second or further fragments only
    [66] =>   --modprobe=<command>      try to insert modules using this command
    [67] =>   --set-counters PKTS BYTES set the counter during insert/append
    [68] => [!] --version   -V      print package version.
)
php
  • 1 answer
  • 18 Views
adrianTNT
Asked: 2020-02-21 15:00:50 +0800 CST

Changing the Nginx reverse proxy cache header from public to private

  • 0

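I have an Nginx cache server that gets content from an origin server. The origin server sets Cache-Control to Public so that my Nginx cache server can cache the content and reduce requests to the origin. But when serving users, I don't want it to send the cache header as Public anymore; I want it set to Private so that others (outside this network) cannot cache or modify it.

I still need it to pass max-age, and I tried to do this with a custom header that is sent, but the if condition fails.

This alone works: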

add_header Cache-Control "private, max-age=$upstream_http_adr_private_cache_seconds";

This condition fails:

if ($upstream_http_adr_private_cache_seconds) {

    add_header Cache-Control "private, max-age=$upstream_http_adr_private_cache_seconds";

}

But this test fails too:

if ($upstream_http_adr_private_cache_seconds) {

    return 404;

}

What am I doing wrong? Or is there another way to change public to private?

cache nginx reverse-proxy http-headers headers
  • 1 answer
  • 2542 Views
adrianTNT
Asked: 2020-02-08 12:52:59 +0800 CST

Setting the correct request host to avoid this infinite loop in nginx

  • 0

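I have this nginx server configured as a cache/reverse proxy for example.com and www.example.com, fetching data from mysource.example.com.

It seems to work fine in the browser, but I noticed a significant drop in Google rankings, and when I test the URL with wget I get an infinite loop.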

# test without www , getting infinite loop
wget --header="Host: example.com" http://[SERVER IP]/file.html


Location: https://www.example.com/file.html [following]
--2020-02-07 21:43:14--  https://www.example.com/file.html
Reusing existing connection to www.example.com:443.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.example.com/file.html [following]
20 redirections exceeded.
^^^ RIGHT HERE !!!

# but with www it works OK:
wget --header="Host: www.example.com" http://[SERVER IP]/file.html


HTTP request sent, awaiting response... 200 OK
Length: 1307 (1.3K) [text/plain]
Saving to: ‘file.html’

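I think I need to specify another host in the redirect from non-www to www?!

Or is this just a wget thing, since it should normally switch to www.example.com on the first redirect, but it keeps the non-www host unaffected by the nginx directives?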

# redirect http to https
server {
    listen 80;
    server_name example.com;
    server_name www.example.com;

    proxy_set_header Host      www.example.com;
    return 301 https://www.example.com$request_uri;
}


# and redirect non www to www
server {
    listen 443 ssl http2;
    server_name example.com;

    proxy_set_header Host      www.example.com;
    return 301 https://www.example.com$request_uri;
}


# main server, SSL
server {

    listen       443 ssl http2;
    server_name  www.example.com;

    location / {

            proxy_pass       http://mysource.example.com:81;

            proxy_set_header Host      www.example.com;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

            proxy_cache             nginx_ramdisk_cache;
    }



} # end of server
cache redirect nginx reverse-proxy 301-redirect
  • 1 answer
  • 544 Views
adrianTNT
Asked: 2020-02-02 17:38:26 +0800 CST

nginx mixes cached content between my different domains

  • 0

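I don't know whether this is a bug or whether I defined the cache incorrectly. I have an nginx cache (reverse proxy) server used by 2 different domains (mydomain1.com and mydomain2.com), with different content, not alias domains.

I defined one cache, then defined the two domains/virtual hosts in nginx and set them to use that cache. Both domains get data from the same origin server, but they pass different virtual hosts to the origin server, so they get the correct content.

The problem is that nginx seems to mix the cache of the two servers: visiting one home page shows the cached home page of the other.

Do I need to define a separate cache for each vhost?

Shouldn't NGINX also associate the virtual host with each request? It seems to only associate the origin server, port, etc.

Here is the head of the cached home page, showing that nothing distinguishes the two virtual hosts: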

KEY: http://source.example.com:81/
HTTP/1.1 200 OK
Date: Sun, 02 Feb 2020 00:54:33 GMT
Server: Apache/2.4.6 (CentOS) mpm-itk/2.4.7-04 OpenSSL/1.0.2k-fips PHP/5.4.16
X-Powered-By: PHP/5.4.16
Expires: Sun, 02 Feb 2020 02:54:33 GMT
Cache-Control: public, max-age=7200
X-Mod-Pagespeed: 1.13.35.2-0
Vary: Accept-Encoding

My NGINX cache settings:

proxy_cache_path /ramdisk/nginx_cache levels=1:2 keys_zone=nginx_ramdisk_cache:512m max_size=3g
                     inactive=30d use_temp_path=off;



# defining domain 1
server {
    [...]
    server_name  mydomain1.com;

    location / {

            proxy_pass       http://source.example.com:81;

            proxy_set_header Host      mydomain1.com;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

            proxy_cache             nginx_ramdisk_cache;
    }
}

# defining domain 2
server {
    [...]
    server_name  mydomain2.com;

    location / {

            proxy_pass       http://source.example.com:81;

            proxy_set_header Host      mydomain2.com;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;

            proxy_cache             nginx_ramdisk_cache;
    }
}

On the origin server (apache), my 2 virtual hosts are defined like this:


<VirtualHost *:81>
     ServerName mydomain1.com
     DocumentRoot /var/www/html/mydomain1.com
</VirtualHost>


<VirtualHost *:81>
     ServerName mydomain2.com
     DocumentRoot /var/www/html/mydomain2.com
</VirtualHost>
apache-2.2 cache virtualhost nginx reverse-proxy
  • 1 answer
  • 1083 Views
adrianTNT
Asked: 2019-09-06 04:50:26 +0800 CST

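Is it correct to define two listens (80 and 443) under the same nginx server?

  • 1

Is it correct to define listen (80 and 443) in the same server {} like this?

The other way is to define two separate server{} blocks, one for each port, which I know works.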

server {

    listen       80 default_server;
    server_name  example.com;
    root         /usr/share/nginx/html;

    location / {

    }


    listen example.com:443 ssl; # <<< !!!

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;         
}
nginx
  • 2 answers
  • 5674 Views
adrianTNT
Asked: 2018-07-05 01:21:31 +0800 CST

Is it correct to see a certificate from another domain when a certificate is missing? [duplicate]

  • 0
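This question already has answers here:
Stop default SSL response on shared IP using SNI (2 answers)
Closed 4 years ago.

I have 3 sites defined in apache: site1, site2, site3. For 1 and 2 I requested SSL certificates from Let's Encrypt and they work fine, but not for site 3. The problem is that whenever I visit https://site3, I always get the certificate from one of the other sites, I think from the first one defined.

Is this how apache is supposed to work, or is my configuration wrong? I'm not sure what I should see when I have no certificate defined, maybe some "no certificate" error?!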

/etc/httpd/conf/httpd.conf

# http site 1
<VirtualHost site1.com:80>
        DocumentRoot /var/www/html/site1.com
        ServerName site1.com
        <Directory "/var/www/html/site1.com">
                Require all granted
                DirectoryIndex index.html index.php
        </Directory>
</VirtualHost>


# http site 2
<VirtualHost site2.com:80>
        DocumentRoot /var/www/html/site2.com
        ServerName site2.com
        <Directory "/var/www/html/site2.com">
                Require all granted
                DirectoryIndex index.html index.php
        </Directory>
</VirtualHost>

# http site 3 (only one WITHOUT ANY SSL)
<VirtualHost site3.com:80>
        DocumentRoot /var/www/html/site3.com
        ServerName site3.com
        <Directory "/var/www/html/site3.com">
                Require all granted
                DirectoryIndex index.html index.php
        </Directory>
</VirtualHost>

Include /etc/httpd/conf/httpd-le-ssl.conf >>>>>>>

/etc/httpd/conf/httpd-le-ssl.conf

# SSL site 1
<IfModule mod_ssl.c>
<VirtualHost site1.com:443>
        DocumentRoot /var/www/html/site1.com
        ServerName site1.com
        <Directory "/var/www/html/site1.com">
                Require all granted
                DirectoryIndex index.html index.php
        </Directory>

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.site1.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.site1.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.site1.com/chain.pem
</VirtualHost>
</IfModule>

# SSL site 2
<IfModule mod_ssl.c>
<VirtualHost site2.com:443>
        DocumentRoot /var/www/html/site2.com
        ServerName site2.com
        <Directory "/var/www/html/site2.com">
                Require all granted
                DirectoryIndex index.html index.php
        </Directory>

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/www.site2.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/www.site2.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/www.site2.com/chain.pem
</VirtualHost>
</IfModule>
ssl
  • 1 answer
  • 32 Views
adrianTNT
Asked: 2015-09-06 15:32:24 +0800 CST

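Emails redirected to Gmail have a failed SPF

  • 2

I have an email account on my domain, e.g. [email protected]. On my dedicated server mysite.com, I redirect from [email protected] to [email protected]

Now, if an external user like [email protected] sends me an email at [email protected], it lands in Gmail correctly, but in spam, and the Gmail headers show an SPF failure, because example.com does not list mysite.com as a permitted sender.

Is there anything I can do about this? It doesn't sound right: mysite.com should not claim to be sending the email as [email protected]; it should just be marked somehow as a redirect (from [email protected] to [email protected]).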

email
  • 1 answer
  • 679 Views
adrianTNT
Asked: 2014-03-03 03:52:06 +0800 CST

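Where are email bounces sent? To the @domain or to the IP that sent it?

  • 4

When I send an email from [email protected] to [email protected] and use this VERP bounce format: [email protected]

Is this bounce sent to the mail server in the sending domain's DNS records, or back to the IP address of the mail server that sent the message?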

email
  • 1 answer
  • 123 Views
adrianTNT
Asked: 2012-12-19 12:35:27 +0800 CST

How to stop a Java jar file application started with this command

  • 2

To run a game server (minecraft), I start it by running the following command in CentOS:

java -Xms512M -Xmx1G -jar minecraft_server.jar

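But I don't know how to stop this file from running. I assume it has its own internal command, but considering it may have been started in the background and has been running for a long time, how do I stop this Java command?

Thank you.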

application
  • 2 answers
  • 34581 Views
adrianTNT
Asked: 2012-09-13 03:31:50 +0800 CST

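Too much traffic on UDP, suspecting a bind misconfiguration

  • 0

The server generates more than 600GB of traffic per month on UDP ports (while http is under 1GB), so I ran a tcpdump command and I see many (more than 10/second or so) rapid dns-related commands/traffic like this: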

12:34:29.829750 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.829834 IP6 fe80::b9a5:34dd:a661:c8b2.dhcpv6-client > ff02::1:2.dhcpv6-server: dhcp6 solicit
12:34:29.829974 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.830523 IP localhost.localdomain.33178 > nscache2.leaseweb.net.domain: 41458+ PTR? 2.b.8.c.1.6.6.a.d.d.4.3.5.a.9.b.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa. (90)
12:34:29.831602 IP nscache2.leaseweb.net.domain > localhost.localdomain.33178: 41458 NXDomain* 0/1/0 (125)
12:34:29.831624 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.833134 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postlady.ripe.net. 250, MX postgirl.ripe.net. 200, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS tinnie.arin.net., NS sec1.apnic.net., NS ns3.nic.fr., NS sec3.apnic.net., NS sns-pb.isc.org., NS pri.authdns.ripe.net. (3560)
12:34:29.833834 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postgirl.ripe.net. 200, MX postlady.ripe.net. 250, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS ns3.nic.fr., NS sec3.apnic.net., NS pri.authdns.ripe.net., NS tinnie.arin.net., NS sns-pb.isc.org., NS sec1.apnic.net. (3560)
12:34:29.834160 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postlady.ripe.net. 250, MX postgirl.ripe.net. 200, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS pri.authdns.ripe.net., NS ns3.nic.fr., NS sec1.apnic.net., NS tinnie.arin.net., NS sns-pb.isc.org., NS sec3.apnic.net. (3560)
12:34:29.836179 IP 145.97.20.167.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.836879 IP localhost.localdomain.domain > 145.97.20.167.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postgirl.ripe.net. 200, MX postlady.ripe.net. 250, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS tinnie.arin.net., NS pri.authdns.ripe.net., NS sec3.apnic.net., NS sec1.apnic.net., NS sns-pb.isc.org., NS ns3.nic.fr. (3560)
12:34:29.839662 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.839932 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.840673 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.840868 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postlady.ripe.net. 250, MX postgirl.ripe.net. 200, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS sec1.apnic.net., NS pri.authdns.ripe.net., NS sec3.apnic.net., NS sns-pb.isc.org., NS ns3.nic.fr., NS tinnie.arin.net. (3560)
12:34:29.840929 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.844602 IP avo.net.domain > localhost.localdomain.domain: 952+ [1au] ANY? ripe.net. (38)
12:34:29.845102 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postgirl.ripe.net. 200, MX postlady.ripe.net. 250, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS sns-pb.isc.org., NS sec3.apnic.net., NS sec1.apnic.net., NS ns3.nic.fr., NS pri.authdns.ripe.net., NS tinnie.arin.net. (3560)
12:34:29.845343 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postlady.ripe.net. 250, MX postgirl.ripe.net. 200, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS sec1.apnic.net., NS pri.authdns.ripe.net., NS ns3.nic.fr., NS sns-pb.isc.org., NS sec3.apnic.net., NS tinnie.arin.net. (3560)
12:34:29.845549 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postgirl.ripe.net. 200, MX postlady.ripe.net. 250, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS sec3.apnic.net., NS ns3.nic.fr., NS pri.authdns.ripe.net., NS sec1.apnic.net., NS tinnie.arin.net., NS sns-pb.isc.org. (3560)
12:34:29.845804 IP localhost.localdomain.domain > avo.net.domain: 952$ 26/7/13 RRSIG, NSEC, RRSIG, MX postlady.ripe.net. 250, MX postgirl.ripe.net. 200, RRSIG, RRSIG, AAAA 2001:67c:2e8:22::c100:68b, RRSIG, A 193.0.6.139, RRSIG, SOA, RRSIG, DNSKEY, DNSKEY, DNSKEY, DNSKEY, RRSIG, DS, DS, NS ns3.nic.fr., NS sec1.apnic.net., NS tinnie.arin.net., NS sec3.apnic.net., NS sns-pb.isc.org., NS pri.authdns.ripe.net. (3560)
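  • I don't recognize domains like avo.net.domain/postgirl/postlady, only "leaseweb.net"; leaseweb is my hosting provider.
  • The server IP is 82.192.75.xxx (in case it shows up above).

I host 200+ domains, but I suspect some external user/server is querying or attacking the DNS service, causing all the UDP traffic.

I think I misconfigured named.conf by setting a wrong query or recursion value. The purpose of the server is to host about 200 domains on this server; it is not a dedicated DNS and is not linked to other external servers or services.

What should I change in this named.conf? Should I replace "any" with "localhosts" or "localnets"? Thank you.

BIND 9.8.2rc1-RedHat-9.8.2-0.10.rc1.el6_3.1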

options {
        // listen-on port 53 { 127.0.0.1; };
        listen-on port 53 { any; };

        // listen-on-v6 port 53 { ::1; };
        listen-on-v6 port 53 { any; };

        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";

        // allow-query     { localhost; };
        allow-query {
                any;
                };

        recursion yes;

        dnssec-enable yes;
        dnssec-validation yes;
        dnssec-lookaside auto;

        /* Path to ISC DLV key */
        bindkeys-file "/etc/named.iscdlv.key";

        managed-keys-directory "/var/named/dynamic";
};

logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};

zone "." IN {
        type hint;
        file "named.ca";
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

// some includes here that contain zones like this:
zone "coilover.info" IN {
    type master;
    file "/var/named/named_include/coilover.info";
    allow-update { none; };
};
domain-name-system
  • 1 answer
  • 1638 Views
adrianTNT
Asked: 2012-06-18 01:50:58 +0800 CST

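Was this server hacked, or are these just login attempts? See log

  • 19

Can anyone tell what this means? I tried a command like lastb to view the last user logins and I saw some strange logins from China (the server is in the EU, I am in the EU). I want to know whether these are login attempts or successful logins?

These seem to be very old; usually I lock port 22 to only my IP, I think I had the port open for a while, and the last log is from July.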

root     ssh:notty    222.92.89.xx     Sat Jul  9 12:26 - 12:26  (00:00)
root     ssh:notty    222.92.89.xx     Sat Jul  9 12:04 - 12:04  (00:00)
oracle   ssh:notty    222.92.89.xx     Sat Jul  9 11:43 - 11:43  (00:00)
gary     ssh:notty    222.92.89.xx     Sat Jul  9 11:22 - 11:22  (00:00)
root     ssh:notty    222.92.89.xx     Sat Jul  9 11:01 - 11:01  (00:00)
gt05     ssh:notty    222.92.89.xx     Sat Jul  9 10:40 - 10:40  (00:00)
admin    ssh:notty    222.92.89.xx     Sat Jul  9 10:18 - 10:18  (00:00)
log-files login ssh hacking
  • 6 answers
  • 39217 Views
