LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 06-21-2005, 06:57 PM   #1
MikeFoo1
Member
 
Registered: Apr 2004
Distribution: Slackware 9.1
Posts: 72

Rep: Reputation: 15
/var/log/secure ???


Quote:
May 7 14:44:10 XXX proftpd[1243]: connect from 82.227.73.36
May 12 21:50:36 XXXX proftpd[2490]: connect from 82.121.62.174
May 12 21:56:02 XXXX proftpd[2499]: connect from 211.107.232.1

Do these entries mean that someone was successful in connecting to my system or are they *failed* attempts ?



Thanks.
 
Old 06-21-2005, 11:37 PM   #2
IchBin
Member
 
Registered: Dec 2004
Distribution: Tinysofa Classic
Posts: 75

Rep: Reputation: 15
I'm not sure as I dont use FTP. Doesn't proftp log to its own file though? YOu should check those logs as these might just be attempts. Also you might want to check if proftp later rejected those IP's in the secure log.
 
Old 06-22-2005, 03:42 AM   #3
MikeFoo1
Member
 
Registered: Apr 2004
Distribution: Slackware 9.1
Posts: 72

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by IchBin
I'm not sure as I dont use FTP. Doesn't proftp log to its own file though? YOu should check those logs as these might just be attempts. Also you might want to check if proftp later rejected those IP's in the secure log.
Thanks for your reply . I am not too sure as i have already disabled ftp (ports 20,21) in /etc/services ?!


I have come across this as well :
Quote:
In inetd mode, the proftpd server expects to be started by the inetd (or xinetd) servers. It is these servers, inetd/xinetd, that listen on the FTP port (usually 21) for connection requests, then start proftpd and pass the connection off. This mode is usually best suited for low traffic sites, for sites that do not handle many FTP sessions.
So , do i have to edit /etc/inetd.conf as well ?
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
/var/log/secure format Latem Linux - Security 1 07-24-2005 08:00 PM
APF and /var/log/secure.1... tilt32 Linux - Security 5 03-28-2005 07:19 AM
/var/log/secure allelopath SUSE / openSUSE 3 02-15-2005 08:56 AM
entries in /var/log/secure zepplin611 Linux - Newbie 1 07-20-2004 05:57 PM
/var/log/secure dragon Linux - Security 6 12-02-2003 08:45 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:31 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration