[Security Questions] Last Login, how good is this feature for security breach info?
Is there a way to have a secure last login log of who's been logging into the system and/or logging into email accounts?
With being owned so many times I want a surefire way to track these people. So can the log be offloaded automatically to a secure slice in / or maybe /root? If so, would the umask of 077 be enough or?
Depends on who owns you and how good they are at it. If they get root privileges, nothing is safe, not even in /root.
I said if they know what they are doing, they might trace your logging script and clear the logs. A good thing would be to log to a remote machine, this is rather more secure than logging to a machine that's been compromised.
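Why the remote copy matters, as an added example that is not part of the original thread: once logins are also recorded on a second machine, entries an intruder clears from the local log show up as a difference between the two copies. It assumes sshd messages in traditional syslog format; the host names, addresses and log lines are constructed sample data.

```python
import re

# Successful sshd logins in traditional syslog format (assumed log format).
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)"
)

def logins(lines, host):
    """Return the set of (timestamp, user, ip, port) logins recorded for host."""
    found = set()
    for line in lines:
        m = ACCEPTED.match(line)
        if m and m["host"] == host:
            found.add((m["ts"], m["user"], m["ip"], m["port"]))
    return found

def missing_locally(remote_lines, local_lines, host):
    """Logins the log host received that the machine's own log no longer holds."""
    return sorted(logins(remote_lines, host) - logins(local_lines, host))

# Constructed sample: what the remote log host stored for two machines.
REMOTE_COPY = [
    "Mar  3 01:02:11 web1 sshd[1804]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2",
    "Mar  3 02:14:07 web1 sshd[2211]: Accepted password for root from 203.0.113.45 port 51514 ssh2",
    "Mar  3 02:15:40 web1 sshd[2230]: Failed password for root from 203.0.113.45 port 51520 ssh2",
    "Mar  3 03:30:00 db1 sshd[900]: Accepted publickey for bob from 198.51.100.9 port 40100 ssh2",
]

# Constructed sample: web1's own log after the root login line was removed.
LOCAL_LOG = [
    "Mar  3 01:02:11 web1 sshd[1804]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2",
    "Mar  3 02:15:40 web1 sshd[2230]: Failed password for root from 203.0.113.45 port 51520 ssh2",
]

if __name__ == "__main__":
    for ts, user, ip, port in missing_locally(REMOTE_COPY, LOCAL_LOG, "web1"):
        print(f"{ts}: login by {user} from {ip}:{port} is absent from the local log")
```

Run the comparison on the log host, not on the machine being checked, so that root on the monitored machine cannot alter its result.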
If you're getting owned multiple times you really need to evaluate what you're doing wrong. Are you running any unnecessary services, did you pick a good strong root password and user password? Did you keep up to date on security patches?