
robmcw 03-12-2003 04:38 AM

btmp only logs telnet failures
Hi, I am looking at my firewall machine and ways of making it a bit more secure or accountable... I have just created a /var/log/btmp file by touch; the owner/permissions are fine. As far as I understand, it should log failed attempted logins. It does this, but only for telnet attempted logins, not SSH ones. Can anyone explain why not, and an alternative?

unSpawn 03-12-2003 03:58 PM

Uhm, because ssh doesn't maintain login records? AFAIK it logs everything at the facility/level determined by what you specify at compile-time or in sshd_config. Which file it ends up in depends on syslog.conf.

If you want to be *really* sure, run sshd from strace, log in and try to see if any sshd process does an open/read/write on *any* of the login audit files /var/log/wtmp, /var/log/lastb or /var/run/utmp.
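A complementary check to the strace approach, as an added example that is not part of the original posts: parse the btmp file itself and tally failed-login records by terminal line and remote host, which shows which services are actually writing to it. It assumes the 384-byte glibc `struct utmp` layout on little-endian Linux; the function names and the sample records are constructed for illustration.

```python
import struct
from collections import Counter

# Assumed layout: 384-byte glibc `struct utmp` on little-endian Linux.
# type, pid, line[32], id[4], user[32], host[256], exit (2 shorts),
# session, tv_sec, tv_usec, addr_v6[4], unused[20]
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def parse_btmp(data):
    """Yield (user, line, host, epoch) for each complete record."""
    usable = len(data) - len(data) % UTMP.size   # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(data, off)
        yield _text(f[4]), _text(f[2]), _text(f[5]), f[9]

def failures_by_source(data):
    """Count failed logins per (line, host) pair found in the file."""
    return Counter((line, host) for _, line, host, _ in parse_btmp(data))

def make_record(user, line, host, epoch, ut_type=6, pid=1234):
    """Build one constructed record (ut_type 6 = LOGIN_PROCESS)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, epoch, 0, 0, 0, 0, 0, b"")

# Constructed sample data, not taken from a real system.
SAMPLE = b"".join([
    make_record("root", "pts/0", "192.0.2.10", 1047461880),
    make_record("admin", "pts/1", "192.0.2.10", 1047461899),
    make_record("rob", "pts/0", "198.51.100.7", 1047462000),
]) + b"\x00" * 100   # simulated partial record at end of file

if __name__ == "__main__":
    import sys
    # Pass a path such as /var/log/btmp (root needed); default is the sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    for (line, host), n in failures_by_source(blob).most_common():
        print(f"{n:4d}  {line:<12} {host}")
```

If only one kind of line ever appears in the output after failed attempts over several services, the others are not writing btmp records and their failures have to be collected from syslog instead.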

robmcw 03-17-2003 06:22 AM

Many thanks for your reply, but can you tell me... if I want to stop my telnet service, why can I not type in #service telnet stop? It complains that there is no such service. Is the telnet service part of another service? How can I list my services in a format that I can just use the #service stop/start process? I know the services are listed in /etc/services, but I need to find out how those services are individually controlled. Any help would be gratefully received...

unSpawn 03-17-2003 07:02 AM

Find file /etc/xinetd.d/telnet, change or add line "disabled = no" to yes. Restart xinetd.

If you want to secure your box but don't know how to start/stop services, maybe you'd like to start reading the LQ Security references at the top of this forum first.

All times are GMT -5.