Running Logwatch in a more portable way

Posted 04-28-2012 at 05:16 AM by unSpawn
Tags logwatch

In the Linux Security forum we often ask victims of (perceived) security breaches to gather log files and parse them for leads using Logwatch. Analysis is best done on a physically separate, known secure machine in a safe network. If left unmodified, Logwatch configuration defaults will result in it picking up that machine's logs instead of the compromised machine's logs. Here is a patch that will install Logwatch in a temporary directory and prepare it for receiving log files...
Posted in Uncategorized
Views 1023 Comments 0
Rating: 2 votes, 5.00 average.

Logwatch, webserver logs, PHP malarky

Posted 10-03-2009 at 05:52 AM by unSpawn
Updated 04-01-2012 at 05:18 PM by unSpawn (//Enhanced logwatch/scripts/services/http diff, added Snort ET SID 2010920 rule and fail2ban regex example, fixed commas (thanks leslie_jones).)
Tags logwatch, patch, php

As I'm seeing more questions about (badly coded) web applications spawning rogue processes, I wonder why people don't read their logs. Attacks require reconnaissance, so keeping an eye on anything that looks like a prelude enables you to take measures. And please spend time updating when updates are released, installing apps properly (like not leaving the installation files around when docs remind you not to), hardening (any IDS, mod_security, Gotroot rulesets, mod_evasive or equivalent, PHPIDS, Suhosin,...
Posted in Uncategorized
Views 4944 Comments 0


All times are GMT -5.