system logs (specifically for security)
Where are they? What are all the logs I should be interested in for security purposes?
|
Most logs are found in /var/log (sometimes in /var/adm). Have a look through all of them, but particularly the maillog, messages, secure, syslog and faillog logs. It really depends on what you're running on your box...
|
Having a look at these, I don't know what I'm looking at.
My syslog has an interesting record: "Security Warning: World Writable files found." Any idea what that means? Also, in the same log 'syslog' there are numerous logs created by my firewall. Does that mean anything? And then another thing, I have under /vars/log/security files about open ports. It's got local addresses and foreign addresses in listen states. Only I don't know if it's my system doing the listening for open ports or someone else's.
|
Files and directories have specific permissions for the owner, group and "everyone else" (also called "world"). So, world writable files are changeable by anyone who accesses your system (your regular users, but also hackers). Obviously, this is a serious computer security hazard. Either remove the file(s) in question, if you no longer need/use it, or use "chmod" to restrict the file permissions. If you don't know where the file(s) are, try:
Code:
find / -perm -002
Also, please feel free to post sections of the logs (without passwords, email addresses, etc.) - there are plenty of people here who can help with figuring out what they contain.
|
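Added example, not part of the original thread: a narrower form of the find command from the reply above, written as shell functions. It reports only regular files and directories lacking the sticky bit, because symlinks and sticky directories such as /tmp also match -perm -002; the function names are made up for this example.

```sh
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# world_writable_files DIR
# Regular files that any local user can modify. -xdev keeps find on one
# filesystem, so pseudo-filesystems such as /proc are skipped when DIR is /.
world_writable_files() {
    find "$1" -xdev -type f -perm -0002 -print 2>/dev/null
}

# world_writable_dirs_no_sticky DIR
# World-writable directories WITHOUT the sticky bit (mode 1000). With the
# sticky bit set (as on /tmp) users may only delete their own entries;
# without it any user can remove or replace files owned by others.
world_writable_dirs_no_sticky() {
    find "$1" -xdev -type d -perm -0002 ! -perm -1000 -print 2>/dev/null
}

# restrict_world_write PATH...
# Clears only the "other" write bit; owner and group bits are untouched.
restrict_world_write() {
    chmod o-w -- "$@"
}

# audit DIR
# Prints both findings under labelled headings for review before any chmod.
audit() {
    echo "== world-writable regular files under $1 =="
    world_writable_files "$1"
    echo "== world-writable directories without sticky bit under $1 =="
    world_writable_dirs_no_sticky "$1"
}

# Run as: sh thisfile.sh /some/dir   (root is needed to see every directory)
if [ "$#" -gt 0 ]; then
    audit "$1"
fi
```

Review the audit output before running restrict_world_write on anything, since some software expects its spool or socket paths to stay writable.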