LinuxQuestions.org
Old 07-31-2006, 04:24 AM   #1
AmphetaminePhreak
Member
 
Registered: Jul 2006
Location: kinda transient right now. Utah is Home, staying in Ohio
Distribution: Mandrake 9.1/Windows XP
Posts: 46

Rep: Reputation: 15
system logs (specifically for security)


Where are they? What are all the logs I should be interested in for security purposes?
 
Old 07-31-2006, 04:42 AM   #2
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164
Most logs are found in /var/log (sometimes in /var/adm). Have a look through all of them, but particularly the maillog, messages, secure, syslog and faillog logs. It really depends on what you're running on your box...
 
Old 07-31-2006, 04:59 AM   #3
AmphetaminePhreak
Member
 
Registered: Jul 2006
Location: kinda transient right now. Utah is Home, staying in Ohio
Distribution: Mandrake 9.1/Windows XP
Posts: 46

Original Poster
Rep: Reputation: 15
Having a look at these, I don't know what I'm looking at.

My syslog has an interesting record: "Security Warning: World Writable files found." Any idea what that means?

Also, in the same log 'syslog' there are numerous logs created by my firewall. Does that mean anything?

And then another thing, I have under /vars/log/security files about open ports. It's got local addresses and foreign addresses in listen states. Only I don't know if it's my system doing the listening for open ports or someone else's.
 
Old 07-31-2006, 06:11 AM   #4
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Quote:
Security Warning: World Writable files found
This basically says that your system has found some files with write permission for "everyone".
Files and directories have specific permissions for the owner, group and "everyone else" (also called "world").

So, world writable files are changeable by anyone who accesses your system (your regular users, but also hackers). Obviously, this is a serious computer security hazard.

Either remove the file(s) in question, if you no longer need/use it, or use "chmod" to restrict the file permissions.

If you don't know where the file(s) are, try:
Code:
find / -perm -002
or something like that...
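
An added example, not part of the original thread: a fuller version of the find check from the post above, which goes beyond that one command by separating regular files from directories, ignoring symlinks, and telling sticky-bit directories (such as /tmp) apart from the rest. The function names and the FILE / DIR-NOSTICKY / DIR-STICKY labels are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and output labels
# are hypothetical, chosen for this illustration.

# List world-writable entries under DIR (default /), one per line.
audit_world_writable() {
    root=${1:-/}
    # -xdev        stay on this filesystem (skips /proc, /sys, other mounts)
    # -type f / d  symlinks always show mode 777 on Linux, so a bare
    #              "-perm -002" reports every symlink; testing the type
    #              leaves them out
    # -perm -0002  the "other" (world) write bit is set
    # -perm -1000  the sticky bit is set (normal for /tmp-style directories)
    find "$root" -xdev \
        \( -type f -perm -0002 -exec echo FILE {} \; \) -o \
        \( -type d -perm -0002 ! -perm -1000 -exec echo DIR-NOSTICKY {} \; \) -o \
        \( -type d -perm -0002 -perm -1000 -exec echo DIR-STICKY {} \; \) \
        2>/dev/null
}

# Remove the world write bit from regular files only. Directories are left
# alone: sticky ones are usually intentional, the others need a decision
# per directory.
strip_other_write() {
    [ -n "$1" ] || return 2
    find "$1" -xdev -type f -perm -0002 -exec chmod o-w {} +
}

# Run as a script: ./audit.sh /some/dir
if [ "$#" -gt 0 ]; then
    audit_world_writable "$1"
fi
```

Read the FILE and DIR-NOSTICKY lines before changing anything; strip_other_write only touches regular files under the directory you give it.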
 
Old 07-31-2006, 05:08 PM   #5
gilead
Senior Member
 
Registered: Dec 2005
Location: Brisbane, Australia
Distribution: Slackware64 14.0
Posts: 4,125

Rep: Reputation: 164
Also, please feel free to post sections of the logs (without passwords, email addresses, etc.) - there are plenty of people here who can help with figuring out what they contain.
 
  

