LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   [Security Questions] Last Login, how good is this feature for security breach info? (https://www.linuxquestions.org/questions/linux-security-4/%5Bsecurity-questions%5D-last-login-how-good-is-this-feature-for-security-breach-info-333004/)

t3gah 06-13-2005 06:38 AM

[Security Questions] Last Login, how good is this feature for security breach info?
 
Is there a way to have a secure last login log of who's been logging into the system and/or logging into email accounts?

With being owned so many times I want a sure fire way to track these people. So can the log be offloaded automatically to a secure slice in / or maybe /root ? If so, would the umask of 077 be enough or ?

marghorp 06-13-2005 07:24 AM

Depends on who owns you and how good are they at it. If they get root privileges, nothing is safe, not even in /root.

I said if they know what they are doing, they might trace your logging script and clear the logs. A good thing would be to log to a remote machine, this is rather more secure than logging to a machine that's been compromised.

RandomLinuxNewb 06-14-2005 02:02 AM

If your getting owned multiple times you really need to evaluate what your doing wrong. Are you running any unnecessary services, did you pick a good strong root password and user password? Did you keep up to date on security patches?


All times are GMT -5. The time now is 09:33 AM.