LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-05-2014, 08:37 PM   #1
${i}
LQ Newbie
 
Registered: Jul 2014
Posts: 22

Rep: Reputation: 9
Trouble getting logcheck to run


hello LQ members

I've installed logcheck from the pclinuxos repos. I am using version 1.3.7

I ran logcheck without any parameters and the output said to use this
code to run it.
Code:
su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
I enter my root password and got a error message below

su: Authentication failure

I know my root password and I know for a fact, I entered it correctly but logcheck seems not able to authenticate it.

I even log in as root and tried to run logcheck and I got this message

logcheck should not be run as root. Use su to invoke logcheck:
su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
Or use sudo: sudo -u logcheck logcheck.

I think it's a bug.

Do you know a similar program I could try? Thanks
 
Old 07-06-2014, 01:18 AM   #2
${i}
LQ Newbie
 
Registered: Jul 2014
Posts: 22

Original Poster
Rep: Reputation: 9
Since logcheck didn't work, I've installed logwatch and it work out of the box.

Last edited by ${i}; 07-06-2014 at 01:20 AM.
 
Old 07-06-2014, 03:31 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,666
Blog Entries: 54

Rep: Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952Reputation: 2952
Quote:
Originally Posted by ${i} View Post
Do you know a similar program I could try? Thanks
SEC, the Security Event Correlator, for example?

Indeed Logwatch is the "better" choice compared to logcheck. First of all logcheck was created by the same person that created PortSentry (a tool one should not use as it's deprecated) who then sold his product to a large AV company and subsequently logcheck hasn't been updated in 10 years and ergo the default filters it comes with are old ("not good enough" would be an understatement). Logwatch is maintained, comes with a good set of filters, employs black listing (see any "white listing vs black listing" text for why this is important) and it is easy to add new services.
 
Old 07-06-2014, 04:38 AM   #4
descendant_command
Member
 
Registered: Mar 2012
Posts: 857

Rep: Reputation: 191Reputation: 191
Quote:
Originally Posted by ${i} View Post
hello LQ members

I've installed logcheck from the pclinuxos repos. I am using version 1.3.7

I ran logcheck without any parameters and the output said to use this
code to run it.
Code:
su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
I enter my root password and got a error message below

su: Authentication failure

I know my root password and I know for a fact, I entered it correctly but logcheck seems not able to authenticate it.

I even log in as root and tried to run logcheck and I got this message

logcheck should not be run as root. Use su to invoke logcheck:
su -s /bin/bash -c "/usr/sbin/logcheck" logcheck
Or use sudo: sudo -u logcheck logcheck.

I think it's a bug.
No.
You are authenticating as the user "logcheck" not "root".
But, as above - use logwatch instead.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting logcheck to run on Mandriva 2009 Toadman Linux - Software 2 01-04-2009 11:01 PM
logcheck gabsik Linux - Security 1 05-28-2006 04:55 AM
Logcheck gabsik Linux - Software 1 05-05-2006 03:55 AM
logcheck.ignore JSLayton Linux - Software 1 02-02-2006 04:30 PM
[logcheck] ignore.d and logcheck.ignore cyberpunx Linux - Software 0 09-18-2005 06:07 PM


All times are GMT -5. The time now is 07:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration