LinuxQuestions.org
Old 04-30-2004, 01:11 PM   #1
manya
Member
 
Registered: Apr 2004
Posts: 194

Rep: Reputation: 15
HELP me on SSH User login


Hi guys,

I need some help on the SSH user login event. I have Linux 7.3 and I want to monitor SSH user login alerts through SNMP.

I heard that I have to make changes in syslog.conf. My concern is that whenever a normal user (uid above 500) logs in, I should get an alert, or a trap should be generated and sent to the monitoring software.

Also, I have Kiwi Syslog as my syslog server.

Kindly provide help on this?


Thanks in advance

Manya
 
Old 05-03-2004, 04:56 PM   #2
kvedaa
Member
 
Registered: Mar 2004
Location: Virginia
Distribution: PacketProtector
Posts: 331

Rep: Reputation: 30
I have to admit that I was not familiar with Kiwi Syslog (I had to Google it to find out what it was). But from what I see, in addition to being able to process SNMP traps, it should be able to handle direct forwarding of syslog data.

From what I gather from your post, you are interested in ssh logging information. If I recall correctly, most distributions default ssh to log to syslog for basic information. You can confirm this by looking at the /etc/ssh/sshd_config file; the 'LogLevel' is likely set to INFO.

(for more info see: http://www.csuglab.cornell.edu/cgi-b...ic=sshd_config)

Next, take a look at your /etc/syslog.conf file; you can set up items of interest to forward to remote syslog servers. One fairly readable description of this process can be found at:

http://www.linuxsecurity.com/feature...story-123.html

Note: It only refers to naming the server in your host file, then referring to it by name (after the @ symbol) in the syslog.conf file, but you can, if you choose, use the destination box's IP address, although it is not as clean a process should you have IP changes to make in the future.

If memory serves, forwarding 'authpriv' should include information regarding login attempts.
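
An added example, not from either poster: once authpriv messages reach a log file or the remote collector, a filter like the one below picks out successful sshd logins for accounts at or above UID 500, which is the event the question wants an alert for. The passwd entries and log lines are constructed samples, and the 500 threshold and all function names are assumptions.

```python
import re

UID_MIN = 500  # assumption: normal accounts start at UID 500, per the question

# Line as sshd writes it to authpriv at LogLevel INFO:
# "Mon DD HH:MM:SS host sshd[pid]: Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Accepted\s(?P<method>\S+)\sfor\s(?P<user>\S+)\sfrom\s(?P<src>\S+)\sport\s\d+"
)

def load_uids(passwd_text):
    """Map login name -> UID from passwd-format text."""
    uids = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids[fields[0]] = int(fields[2])
    return uids

def normal_user_logins(log_lines, uids, uid_min=UID_MIN):
    """Return one record per successful SSH login by an account with UID >= uid_min."""
    alerts = []
    for line in log_lines:
        m = ACCEPTED.match(line)
        if not m:
            continue  # failed logins, other daemons, unrelated messages
        uid = uids.get(m.group("user"))
        if uid is None or uid < uid_min:
            continue  # system account, or a name not in the local passwd data
        alerts.append({"time": m.group("ts"), "host": m.group("host"),
                       "user": m.group("user"), "uid": uid,
                       "method": m.group("method"), "src": m.group("src")})
    return alerts

# Constructed sample data (not taken from a real system).
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "backup:x:34:34:backup:/var/backups:/bin/sh\n"
                 "alice:x:500:500::/home/alice:/bin/bash\n"
                 "bob:x:501:501::/home/bob:/bin/bash\n")
SAMPLE_LOG = [
    "Apr 30 13:11:02 web1 sshd[1234]: Accepted password for alice from 192.0.2.10 port 4022 ssh2",
    "Apr 30 13:12:40 web1 sshd[1240]: Failed password for alice from 192.0.2.10 port 4023 ssh2",
    "Apr 30 13:15:09 web1 sshd[1251]: Accepted password for root from 192.0.2.11 port 4100 ssh2",
    "Apr 30 13:17:45 web1 sshd[1255]: Accepted password for backup from 192.0.2.11 port 4101 ssh2",
    "May  3 16:56:00 web1 sshd[1260]: Accepted publickey for bob from 192.0.2.12 port 4177 ssh2",
]

if __name__ == "__main__":
    for a in normal_user_logins(SAMPLE_LOG, load_uids(SAMPLE_PASSWD)):
        print("ALERT %(time)s %(host)s: %(user)s (uid %(uid)d) via %(method)s from %(src)s" % a)
```

Each returned record is what would be handed to the alerting side; generating the SNMP trap itself is not shown.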
 
  

