LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Blogs
User Name
Password

Notices

Old

Running Logwatch in a more portable way

Posted 04-28-2012 at 04:16 AM by unSpawn
Tags logwatch

In the Linux Security forum we often ask victims of (perceived) security breaches to gather log files and parse them for leads using Logwatch. Analysis is best done on a physically separate, known secure machine in a safe network. If left unmodified Logwatch configuration defaults will result in it picking up the machines logs instead of the compromised machines logs. Here is a patch for install_logwatch.sh that will install Logwatch in a temporary directory and prepare it for receiving log files...
Moderator
Posted in Uncategorized
Views 738 Comments 0 unSpawn is offline
Old
Rating: 2 votes, 5.00 average.

Logwatch, webserver logs, PHP malarky

Posted 10-03-2009 at 04:52 AM by unSpawn
Updated 04-01-2012 at 04:18 PM by unSpawn (//Enhanced logwatch/scripts/services/http diff, added Snort ET SID 2010920 rule and fail2ban regex example, fixed commas (thanks leslie_jones).)
Tags logwatch, patch, php

As I'm seeing more questions about (badly coded) web applications spawning rogue processes I wonder why people don't read their logs. Attacks require reconnaissance so keeping an eye on anything that looks like a prelude enables you to take measures. And please spend time updating when updates are released, installing apps properly (like not leaving the installation files around when docs remind you not to), hardening (any IDS, mod_security, Gotroot rulesets, mod_evasive or equivalent, PHPIDS, Suhosin,...
Moderator
Posted in Uncategorized
Views 3541 Comments 0 unSpawn is offline

  



All times are GMT -5. The time now is 11:43 AM.

Main Menu
Advertisement

My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration