Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
IMO, that is a real mistake. Your logs are basically your eyes and ears when it comes to security. You should be reviewing them on a regular basis in order to spot the kind of anomalies that can be an indicator of someone attempting to break into your system. They're also critical for diagnosing hardware and software problems. If you find reading them to be overwhelming, try using something like logwatch to mail you summaries of important log events. But completely removing your logging mechanisms is a big mistake. Plus the disk activity required for logging is nothing compared to the usage of swap or /tmp. If your log files are just getting overly large, use logrotate.
Unless owned or used by nasty ppl, I am fine with a non-log-daemon system.
--
cat /dev/null > /var/log/*
PS: Honestly, I have never ever seen the log files, and I will do so. When there are hardware/software problems, I can always figure it out.
PPS: I knew ssh or similar server style apps (*almost* them with the help of aptitude); like I said, my computer is "public personal", and it ain't for the server. And guess what? Did I install "ssh"??
PPPS: now these days.., big brother laughing at astaro
The point is to be able to spot break-in attempts or the information gathering before a compromise occurs. A good example is the sshbruteforce tool. Someone could try username/password combos 24-7 and you wouldn't have the slightest idea.
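As an added example that is not part of the original thread: one way to spot the password guessing described above is to count failed SSH logins per source address in the auth log. The log lines are constructed samples in the usual OpenSSH syslog format, and the thresholds are assumptions to tune for your own host.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH syslog format (not from a real host).
SAMPLE_LOG = """\
Mar  3 02:14:01 host sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 02:14:03 host sshd[4101]: Failed password for invalid user test from 203.0.113.7 port 40118 ssh2
Mar  3 02:14:05 host sshd[4103]: Failed password for root from 203.0.113.7 port 40121 ssh2
Mar  3 02:14:08 host sshd[4105]: Failed password for root from 203.0.113.7 port 40130 ssh2
Mar  3 02:14:09 host sshd[4107]: Failed password for invalid user oracle from 203.0.113.7 port 40133 ssh2
Mar  3 08:30:12 host sshd[5220]: Failed password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 08:30:20 host sshd[5220]: Accepted password for alice from 198.51.100.20 port 51514 ssh2
Mar  3 09:00:01 host CRON[5301]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Matches both "Failed password for root" and "Failed password for invalid user admin".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failures(lines):
    """Return {source_ip: {"count": n, "users": set_of_usernames_tried}}."""
    stats = defaultdict(lambda: {"count": 0, "users": set()})
    for line in lines:
        m = FAILED.search(line)
        if m:
            entry = stats[m.group("ip")]
            entry["count"] += 1
            entry["users"].add(m.group("user"))
    return dict(stats)

def suspected_bruteforce(stats, min_failures=5, min_users=3):
    """Flag sources with many failures spread across several usernames.

    The default thresholds are assumptions, not values from the thread.
    """
    return sorted(
        ip for ip, s in stats.items()
        if s["count"] >= min_failures and len(s["users"]) >= min_users
    )

if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_LOG.splitlines())
    for ip in suspected_bruteforce(stats):
        s = stats[ip]
        print(f"{ip}: {s['count']} failures, users tried: {sorted(s['users'])}")
```

A single mistyped password followed by a successful login, as in the alice lines, stays below both thresholds and is not flagged.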