Debian /var/log/secure
Hey I was just wondering after seeing my modem lights going like crazy...
is there supposed to be a /var/log/secure on Debian? My server doesn't have one...
Code:
localhost:/var/log# ls
Thanks, nomb
|
Useful Commands
w = who is logged in and what they are doing
who = who is logged in
last = successful logons, with source IP of sign-on if ssh
lastb = unsuccessful logon attempts

If you want to see what IPs are currently connected to your box, try installing iptraf and have a look at the output. It's an ncurses-based command line app.
|
Sweet, looking at /etc/syslog.conf shows Debian does not use a secure log file. At least how I have it set up. The same output is in auth.log however. Thanks for those commands (w, who, last, lastb) I knew the first two but not the second.

I'm not too worried about ssh. I have fail2ban working and it has worked great. I have it set so after 3 bad logins that IP is blocked for 3 hours. I hardened the box as well as I knew how to but I'm still concerned I didn't do a good job.

"...you may find anomalous messages in the system or daemon logs, processes running with an unexpected ID, (setuid root binaries or) files in unexpected places, etc, etc."

How can you look for this stuff?
|
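Added example, not part of the original thread: a shell function that reads a Debian-style auth.log (the file the post above identifies as holding what other distributions write to /var/log/secure) and lists source IPs with at least 3 failed sshd password attempts, the same threshold as the fail2ban setting mentioned. The function names and the sample log lines are constructed for illustration.

```shell
#!/bin/sh
# failed_ssh_sources [FILE] [THRESHOLD]
# Print "count ip" for every source IP with at least THRESHOLD (default 3)
# failed sshd password attempts in FILE (default: stdin), highest count first.
failed_ssh_sources() {
    awk -v min="${2:-3}" '
        # OpenSSH logs: Failed password for [invalid user] NAME from IP port N ssh2
        /sshd\[[0-9]+\]: Failed password for / {
            # NAME is chosen by the remote side and may itself be "from",
            # so locate the "from IP port" triple scanning from the right.
            for (i = NF - 2; i > 0; i--)
                if ($i == "from" && $(i + 2) == "port") {
                    hits[$(i + 1)]++
                    break
                }
        }
        END {
            for (ip in hits)
                if (hits[ip] >= min)
                    print hits[ip], ip
        }
    ' "${1:--}" | sort -k1,1nr -k2,2
}

# Constructed sample lines using documentation address ranges (not real data).
sample_auth_log() {
    cat <<'EOF'
Mar  3 07:41:02 localhost sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  3 07:41:05 localhost sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40118 ssh2
Mar  3 07:41:09 localhost sshd[2104]: Failed password for invalid user from from 203.0.113.7 port 40125 ssh2
Mar  3 07:44:30 localhost sshd[2110]: Failed password for alice from 192.0.2.10 port 51500 ssh2
Mar  3 07:44:41 localhost sshd[2110]: Accepted password for alice from 192.0.2.10 port 51500 ssh2
Mar  3 07:50:11 localhost sshd[2120]: Failed password for root from 198.51.100.23 port 33210 ssh2
Mar  3 07:50:14 localhost sshd[2120]: Failed password for root from 198.51.100.23 port 33210 ssh2
Mar  3 07:50:18 localhost sshd[2123]: Failed password for root from 198.51.100.23 port 33216 ssh2
Mar  3 07:50:21 localhost sshd[2123]: Failed password for root from 198.51.100.23 port 33216 ssh2
EOF
}

# Demo on the constructed sample; alice's single typo stays below the threshold.
sample_auth_log | failed_ssh_sources -
```

On a live box the call would be `failed_ssh_sources /var/log/auth.log 3`, run as a user allowed to read that file.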
Sweet thanks.
|