Need to know authentication failure attempts and forward them to another machine FC11
Hello,
I need to know where I can see (which is the file) all the login failures in my Fedora Core 11. Secondly, I need to forward those logs to another Linux machine. What changes do I need to make, and in which file?
Regards,
RAHEEL.
They're probably in /var/log/messages. If not, reference any one of the many syslog configuration guides for Linux, to make sure the messages are going to that file. You can also configure syslog to write those messages to whatever file you want, too.
After that, just mirror your syslogs to another server, by putting the correct option in the syslog configuration file, usually something like
Well, I checked by adding,
*.auth <remote server ip address>
but it did not work, then I tried
*.* @<remote server ip address>
which worked. I have seen the messages using tcpdump -i eth0 that are going towards the syslog server where I have to store them, but the problem is that they are not present at the server. The IP of my server is 192.168.0.3 and my IP is 192.168.0.4.
For lastb, I checked it by trying to open these files (/var/log/wtmp, /var/log/btmp), but it says that they are binary files.
Regards,
You have to use last to view wtmp and btmp:
Code:
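last -f /var/log/wtmp
So you can make a shell script:
Code:
#!/bin/bash
# Append the decoded login records to a text file (last needs -f to read a named file)
last -f /var/log/wtmp >>/var/log/wtmp.txt
# Copy the file to the remote machine (newip stands for its address)
rsync /var/log/wtmp newip:/var/log/
If you're just looking for failed logins, those would probably be in /var/log/messages and /var/log/secure.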
You can log remotely, and securely with rsyslogd, which should already be on your FC11. syslog does not send the logs encrypted by default.
Right, and they won't be until you configure syslog on your remote server, to ACCEPT the incoming messages, and log them.
Again, read the documentation on syslog/syslog-ng, which has complete descriptions on how to set up everything you're trying to do.
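The forwarding setup discussed in this thread, as an added example that is not part of any post: a minimal rsyslog configuration for both machines, using the thread's addresses (192.168.0.4 sends, 192.168.0.3 receives). It assumes rsyslog with the legacy directive syntax on both hosts; the file name /var/log/remote-auth.log is an assumption.

```conf
# ---- Client (192.168.0.4): /etc/rsyslog.conf ----
# A selector is written facility.priority, so "*.auth" does not match anything useful,
# and the action must start with "@" (UDP) or "@@" (TCP) to mean "send to this host".
# On Fedora, sshd, login and su log to authpriv (the source of /var/log/secure).
auth,authpriv.*                          @192.168.0.3:514

# ---- Server (192.168.0.3): /etc/rsyslog.conf ----
# Load the UDP input and listen on port 514. Without these two lines the
# packets visible in tcpdump reach the server but are never logged.
$ModLoad imudp
$UDPServerRun 514

# Store everything received from the client in its own file
# (file name is an assumption for this example).
:fromhost-ip, isequal, "192.168.0.4"     /var/log/remote-auth.log

# ---- Check from the client after restarting both daemons ----
#   logger -p authpriv.notice "remote auth log test"
# The line should then appear in /var/log/remote-auth.log on the server.
```

UDP port 514 must also be allowed through the server's firewall, and plain UDP or TCP forwarding is sent unencrypted.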