LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   How can I doing Security Audit? (https://www.linuxquestions.org/questions/linux-security-4/how-can-i-doing-security-audit-4175540694/)

hack3rcon 04-25-2015 03:34 AM
How can I doing Security Audit?
 
Hello.
How can I understand which user tried to logging into my Linux Box when I'm not at the desk? Can I find which username and password his entered?

Thank you.

veerain 04-25-2015 04:04 AM
You can view login messages in syslog (/var/log/syslog or something system dependent).

hack3rcon 04-25-2015 05:09 AM
I use Debian and check "syslog" but I can't see anything about username and password that used for enter into the system. Can you show me some special "syntax" or "words" for forward it into "grep" command?

unSpawn 04-25-2015 05:57 AM
Quote:
Originally Posted by hack3rcon (Post 5352802)
How can I understand which user tried to logging into my Linux Box when I'm not at the desk?
Start with
Code:
lastlog; last -wai; lastb; less /var/log/auth.log
and see each commands manual page for nfo.


Quote:
Originally Posted by hack3rcon (Post 5352802)
Can I find which username and password his entered?
User name yes, password no. That would be inappropriate.

hack3rcon 04-25-2015 08:42 AM
Thank you so much.
It is better than nothing :)


All times are GMT -5. The time now is 06:05 PM.