01-16-2010, 11:24 AM
#1
Member
Registered: Nov 2008
Distribution: Ubuntu Lucid Lynx
Posts: 541
security sort of
My 2 Linux Jaunty boxes are running 24/7.
Came home to find the box running my FTP server is going mad, hub lights. No prob. But checked most causes for access, all logs say no access.
What logs should I check? Tried proftp, samba, and ssh

01-16-2010, 11:39 AM
#2
LQ Guru
Registered: Oct 2003
Location: Bonaire, Leeuwarden
Distribution: Debian /Jessie/Stretch/Sid, Linux Mint DE
Posts: 5,196
/var/log/auth.log
jlinkels

01-16-2010, 11:49 AM
#3
Member
Registered: Nov 2008
Distribution: Ubuntu Lucid Lynx
Posts: 541
Original Poster
Quote:
Originally Posted by jlinkels
/var/log/auth.log
jlinkels
Thanks. still help. Logged into my box after restart as another user. Fine, no unusual activity.
So it must be a process I'm running! Less concerned.
Code:
Jan 16 16:37:48 tux dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.52" (uid=1000 pid=41
Jan 16 16:37:59 tux dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.52" (uid=1000 pid=41
Jan 16 16:38:03 tux dbus-daemon: Rejected send message, 1 matched rules; type="method_call", sender=":1.52" (uid=1000 pid=41
Jan 16 16:38:08 tux gdm[3357]: pam_unix(gdm:session): session closed for user edie
Jan 16 16:38:26 tux gdm[3357]: pam_unix(gdm:session): session opened for user johnh10000 by (uid=0)
Jan 16 16:38:26 tux gdm[3357]: pam_ck_connector(gdm:session): nox11 mode, ignoring PAM_TTY :0
Jan 16 16:38:26 tux gnome-keyring-daemon[4324]: Couldn't unlock login keyring with provided password
Jan 16 16:38:26 tux gnome-keyring-daemon[4324]: Failed to unlock login on startup
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session closed for user root
Jan 16 16:40:01 tux CRON[4781]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 16:43:04 tux sudo: johnh10000 : TTY=pts/1 ; PWD=/home/johnh10000 ; USER=root ; COMMAND=/bin/bash
Here's the latest on that log:
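
Added example (not part of any post in this thread): a small Python triage of auth.log-style lines that pulls out non-cron sessions, sudo commands and SSH sources with repeated failed passwords. The sample lines, the IP addresses and the `triage` function with its threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in auth.log syslog format; users and IPs are made up
# (IPs come from the RFC 5737 documentation ranges).
SAMPLE = """\
Jan 16 16:38:26 tux gdm[3357]: pam_unix(gdm:session): session opened for user johnh10000 by (uid=0)
Jan 16 16:39:01 tux CRON[4556]: pam_unix(cron:session): session opened for user root by (uid=0)
Jan 16 16:41:10 tux sshd[5001]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 16 16:41:13 tux sshd[5001]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan 16 16:41:15 tux sshd[5003]: Failed password for root from 203.0.113.7 port 40150 ssh2
Jan 16 16:42:30 tux sshd[5010]: Accepted password for johnh10000 from 192.0.2.15 port 50022 ssh2
Jan 16 16:43:04 tux sudo: johnh10000 : TTY=pts/1 ; PWD=/home/johnh10000 ; USER=root ; COMMAND=/bin/bash
"""

# timestamp, host, program, optional [pid], message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([^\s\[:]+)(?:\[(\d+)\])?: (.*)$")
SSH_FAIL = re.compile(r"^Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
SSH_OK = re.compile(r"^Accepted (\S+) for (\S+) from (\S+) port \d+")
SESSION = re.compile(r"^pam_unix\((\S+?):session\): session opened for user (\S+)")
SUDO = re.compile(r"^\s*(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")

def triage(text, fail_threshold=3):
    """Summarise who logged in, who used sudo, and which sources keep failing."""
    fails, logins, sessions, sudo = Counter(), [], [], []
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # truncated or non-syslog line
        when, _host, prog, _pid, msg = m.groups()
        if prog == "sshd" and (f := SSH_FAIL.match(msg)):
            fails[f.group(2)] += 1  # count failures per source address
        elif prog == "sshd" and (a := SSH_OK.match(msg)):
            logins.append((when, a.group(2), a.group(3), a.group(1)))
        elif prog == "sudo" and (s := SUDO.match(msg)):
            sudo.append((when, s.group(1), s.group(2), s.group(3)))
        elif (p := SESSION.match(msg)) and p.group(1) != "cron":  # skip routine cron
            sessions.append((when, p.group(1), p.group(2)))
    noisy = {ip: n for ip, n in fails.items() if n >= fail_threshold}
    return {"noisy_sources": noisy, "ssh_logins": logins,
            "sessions": sessions, "sudo": sudo}

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(key, value)
```

auth.log only covers authentication events; probes against other listening services, such as an HTTP port, show up in that service's own logs or in firewall logs instead.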

01-16-2010, 12:45 PM
#4
Member
Registered: Nov 2008
Distribution: Ubuntu Lucid Lynx
Posts: 541
Original Poster
Quote:
Originally Posted by jlinkels
/var/log/auth.log
jlinkels
Found it! Someone ? was trying to break in via my secondary HTTP port! Sussed it, via Firestarter.
Moved it, resolved. Thanks

01-16-2010, 02:16 PM
#5
Moderator
Registered: May 2001
Posts: 29,415
Moving a port is security by obscurity, which does not make your machine any more secure: do a port range scan and it will be found again. It would be better to harden the machine. Done properly it can diminish the number of attacks, alert you to events that should be dealt with and save you time and aggravation.