btmp only logs telnet failures
Hi, I am looking at my firewall machine and ways of making it a bit more secure or accountable... I have just created a /var/log/btmp file with touch; the owner/permissions are fine. As far as I understand, it should log failed attempted logins. It does this, but only for telnet attempted logins, not SSH ones. Can anyone explain why not? And an alternative?
Uhm, because ssh doesn't maintain login records? AFAIK it logs everything at the facility/level determined by what you specify at compile-time or in sshd_config. Which file it ends up in depends on syslog.conf.
If you want to be *really* sure, run sshd from strace, log in and try to see if any sshd process does an open/read/write on *any* of the login audit files /var/log/wtmp, /var/log/lastb or /var/run/utmp.
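Since sshd reports failures through syslog rather than btmp, the syslog file is where to count them. The following is an added example, not part of the thread: it assumes the traditional syslog line layout and OpenSSH's "Failed password for ..." message, and the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of sshd syslog lines (documentation IP ranges, not real data).
sample_log() {
cat <<'EOF'
Mar  3 10:01:12 fw sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar  3 10:01:14 fw sshd[2211]: Failed password for root from 203.0.113.5 port 51235 ssh2
Mar  3 10:01:15 fw sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51236 ssh2
Mar  3 10:02:40 fw sshd[2304]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Mar  3 10:05:09 fw sshd[2410]: Failed password for alice from 198.51.100.7 port 60001 ssh2
EOF
}

# Read syslog lines on stdin and print "count source user kind" for every
# source/user pair with failed SSH password attempts, busiest first.
# "valid" only means sshd did not log the account as "invalid user".
failed_ssh_logins() {
  awk '
    $5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
    NF >= 14 && $(NF-4) == "from" {
      # The line ends in "from <addr> port <n> ssh2", so index from the end:
      # a username that is itself "from" cannot shift the source field.
      src  = $(NF-3)
      user = $(NF-5)
      kind = ($9 == "invalid" && $10 == "user") ? "invalid" : "valid"
      count[src " " user " " kind]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2
}

# Run against the constructed sample; on a real host, feed the file that
# syslog.conf routes the sshd facility to instead.
sample_log | failed_ssh_logins
```
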
Many thanks for your reply, but can you tell me... if I want to stop my telnet service, why can I not type in #service telnet stop? It complains that there is no such service. Is the telnet service part of another service? How can I list my services in a format that I can just use the #service stop/start process? I know the services are listed in /etc/services, but I need to find out how those services are individually controlled. Any help would be gratefully received...
Find file /etc/xinetd.d/telnet, change or add line "disabled = no" to yes. Restart xinetd.
If you want to secure your box but don't know how to start/stop services, maybe you'd like to start reading the LQ Security references at the top of this forum first.