LinuxQuestions.org
Old 01-16-2010, 11:24 AM   #1
johnh10000
Member
 
Registered: Nov 2008
Distribution: Ubuntu Lucid Lynx
Posts: 541

Rep: Reputation: 33
security sort of


My 2 linux jaunty boxes are running 24/7.

Came home to find the box running my ftp server is going mad, hub lights. No prob. But checked most causes for access, all logs say no access.

What logs should I check? Tried proftp, samba, and ssh.
 
Old 01-16-2010, 11:39 AM   #2
jlinkels
LQ Guru
 
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,196

Rep: Reputation: 1044
/var/log/auth.log

jlinkels
 
Old 01-16-2010, 11:49 AM   #3
johnh10000
Member
 
Registered: Nov 2008
Distribution: Ubuntu Lucid Lynx
Posts: 541

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by jlinkels
/var/log/auth.log

jlinkels
Thanks. Still help. Logged my box after restart as another user. Fine, no unusual activity.

So it must be a process I'm running! Less concerned.
Code:
Jan 16 16:37:48 tux dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.52" (uid=1000 pid=41
Jan 16 16:37:59 tux dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.52" (uid=1000 pid=41
Jan 16 16:38:03 tux dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.52" (uid=1000 pid=41
Jan 16 16:38:08 tux gdm[3357]: pam_unix(gdm:session): session closed for user edie
Jan 16 16:38:26 tux gdm[3357]: pam_unix(gdm:session): session opened for user johnh10000 by (uid=0)
Jan 16 16:38:26 tux gdm[3357]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0
Jan 16 16:38:26 tux gnome-keyring-daemon[4324]: Couldn't unlock login keyring with provided password
Jan 16 16:38:26 tux gnome-keyring-daemon[4324]: Failed to unlock login on startup
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session closed for user root
Jan 16 16:40:01 tux CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 16:43:04 tux sudo: johnh10000 : TTY=pts/1 ; PWD=/home/johnh10000 ; USER=root ; COMMAND=/bin/bash
Here's the latest on that log:
 
Old 01-16-2010, 12:45 PM   #4
johnh10000
Member
 
Registered: Nov 2008
Distribution: Ubuntu Lucid Lynx
Posts: 541

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by jlinkels
/var/log/auth.log

jlinkels
Found it! Someone ? was trying to break in via my secondary http port! Sussed it, via firestarter.

Moved it, resolved. Thanks.
 
Old 01-16-2010, 02:16 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Moving a port is security by obscurity which does not make your machine any more secure: do a port range scan and it will be found again. It would be better to harden the machine. Done properly it can diminish the amount of attacks, alert you of events that should be dealt with and save you time and aggravation.
 
1 members found this post helpful.
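
An added example (not written by any poster in this thread) of triaging /var/log/auth.log, the file suggested in post #2: it tallies PAM session opens, sshd password failures per source address, accepted logins and sudo invocations. The sample lines are constructed in the same syslog format as the excerpt in post #3; the user name alice and all addresses are made up.

```python
import re
from collections import Counter

# Constructed sample in auth.log (syslog) format; host, users and IPs are made up.
SAMPLE = """\
Jan 16 16:38:26 tux gdm[3357]: pam_unix(gdm:session): session opened for user alice by (uid=0)
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session closed for user root
Jan 16 16:41:10 tux sshd[4790]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 16 16:41:13 tux sshd[4790]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 16 16:41:20 tux sshd[4801]: Failed password for alice from 198.51.100.9 port 51514 ssh2
Jan 16 16:42:02 tux sshd[4810]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jan 16 16:43:04 tux sudo: alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
"""

# timestamp, host, program name (optional [pid]), message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s\[:]+)(?:\[\d+\])?: (.*)$")
OPENED = re.compile(r"pam_unix\((\S+):session\): session opened for user (\S+)")
FAILED = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPT = re.compile(r"Accepted (\S+) for (\S+) from (\S+) port \d+")
SUDO = re.compile(r"^\s*(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")

def triage(text):
    """Summarise auth.log text: who logged in, from where, and who failed."""
    out = {"sessions": Counter(), "failed_by_ip": Counter(),
           "accepted": [], "sudo": [], "unparsed": 0}
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            out["unparsed"] += 1  # not a syslog line: count it, don't guess
            continue
        when, _host, prog, msg = m.groups()
        if (s := OPENED.search(msg)):
            out["sessions"][(s.group(1), s.group(2))] += 1  # (service, user)
        elif (f := FAILED.search(msg)):
            out["failed_by_ip"][f.group(2)] += 1
        elif (a := ACCEPT.search(msg)):
            out["accepted"].append((when, a.group(2), a.group(3), a.group(1)))
        elif prog == "sudo" and (c := SUDO.match(msg)):
            out["sudo"].append((when, c.group(1), c.group(2), c.group(3)))
    return out

if __name__ == "__main__":
    r = triage(SAMPLE)
    for key in ("sessions", "failed_by_ip"):
        print(key, dict(r[key]))
    for key in ("accepted", "sudo"):
        print(key, r[key])
```

auth.log only records authentication events (PAM sessions, sshd, sudo), so connection attempts against an HTTP port, as in post #4, appear in the web server's or firewall's logs rather than here.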
  

