LinuxQuestions.org
Old 02-19-2015, 09:47 PM   #1
neo4891
LQ Newbie
 
Registered: Dec 2014
Posts: 12

Rep: Reputation: Disabled
Difference between /var/log/btmp and /var/log/secure


Hi All,

I am looking for the difference between /var/log/btmp and /var/log/secure. It seems both store logs related to authentication.
 
Old 02-20-2015, 01:57 AM   #2
GNU/Linux
Member
 
Registered: Sep 2012
Distribution: Slackware-14
Posts: 118

Rep: Reputation: Disabled
/var/log/btmp keeps track of failed login attempts.
/var/log/secure keeps track of authentication & access info. It doesn't just store info about who logged in on the console, but sshd also writes to this file.
 
1 members found this post helpful.
Old 02-20-2015, 08:31 AM   #3
neo4891
LQ Newbie
 
Registered: Dec 2014
Posts: 12

Original Poster
Rep: Reputation: Disabled
Hi GNU,

Authentication should also include "failed login attempts", isn't it?

What is access info, does it mean what data the user has accessed?

Does "sshd" mean login attempts through SSH?
 
Old 02-20-2015, 10:27 AM   #4
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,661

Rep: Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256Reputation: 1256
Quote:
Originally Posted by neo4891
Hi GNU,

Authentication should also include "failed login attempts", isn't it?

yes

Quote:
What is access info, does it mean what data the user has accessed?

It can - but usually doesn't. It depends on the distribution (and configuration) used as to how much information will be available. There are other logs that can report some of that - and the use of SELinux can block/control/audit more information.

Quote:
Does "sshd" mean login attempts through SSH?

ssh is only one utility that uses sshd. There is also scp, sshfs, and there can be others (rsync can, but it may also use its own service instead).

Logins can also come from other places too - GUI logins, console logins, cron jobs...
 
1 members found this post helpful.
Old 02-20-2015, 02:32 PM   #5
GNU/Linux
Member
 
Registered: Sep 2012
Distribution: Slackware-14
Posts: 118

Rep: Reputation: Disabled
Let me add to what has been told. There are other log files, for example there is /var/log/secure which also includes failed login attempts. I might be wrong but /var/log/btmp is exclusively used for 'failed login attempts' so you don't have to parse other log files to see someone is doing a brute force method to log in. You can see the contents of most log files with a pager like 'less'. btmp is a database file so you need last to parse it.

Code:
$ sudo less /var/log/secure
$ sudo last -f /var/log/btmp
'sshd' is the Secure Shell daemon. A daemon is a program/service that only lurks in the background and wakes up when a request is passed to it. So if your computer is running 'sshd' then other computers can connect to it using their ssh clients. They can also use scp, sshfs or sftp... These are all part of the OpenSSH suite. Now if a client computer connects to your computer's sshd then this access will be recorded in /var/log/secure.
 
1 members found this post helpful.
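
What `last -f /var/log/btmp` has to do to read the binary file, and how the per-host count that reveals a brute-force source falls out of it, shown as an added example that is not part of the original thread. It assumes the 384-byte `struct utmp` layout glibc uses on x86-64 Linux; the helper names and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

# struct utmp as laid out by glibc on x86-64 Linux: 384 bytes per record.
# Assumption: other libcs or architectures may use a different layout.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20s")
LOGIN_PROCESS = 6  # ut_type constant from <utmp.h>, used for the sample records


def cstr(raw):
    """Decode a fixed-width, NUL-padded field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")


def parse_btmp(data):
    """Yield (user, line, host, epoch_seconds) for each complete record."""
    usable = len(data) - len(data) % UTMP.size  # skip a truncated trailing record
    for rec in UTMP.iter_unpack(data[:usable]):
        _type, _pid, line, _id, user, host, _term, _exit, _sess, sec, _usec, _addr, _pad = rec
        yield cstr(user), cstr(line), cstr(host), sec


def failures_by_host(data):
    """Count failed logins per remote host; an empty host means a local tty."""
    return Counter(host or "(local)" for _user, _line, host, _sec in parse_btmp(data))


def make_record(user, line, host, sec):
    """Pack one constructed record (hypothetical helper for the demo only)."""
    return UTMP.pack(LOGIN_PROCESS, 0, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, sec, 0, b"", b"")


# Constructed sample: three failed SSH logins from one address, one on the console.
SAMPLE = b"".join([
    make_record("root", "ssh:notty", "203.0.113.7", 1424400000),
    make_record("admin", "ssh:notty", "203.0.113.7", 1424400002),
    make_record("root", "ssh:notty", "203.0.113.7", 1424400005),
    make_record("alice", "tty1", "", 1424400100),
])

if __name__ == "__main__":
    # On a real system, read the file as root instead of using SAMPLE:
    #   data = open("/var/log/btmp", "rb").read()
    for host, count in failures_by_host(SAMPLE).most_common():
        print(f"{count:4d} failed logins from {host}")
```

/var/log/secure, by contrast, is plain text written through syslog, which is why `less` is enough to read it.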
  


All times are GMT -5.