LinuxQuestions.org
Old 10-31-2006, 01:57 PM   #1
JerryMcFarts
Member
 
Registered: Mar 2004
Location: Ohio, USA
Distribution: Ubuntu 6.04
Posts: 117

Hack Info


Hello there,

I just have a question, I am running Ubuntu and I checked my logs under apache2 and it's only 3 days long. access.log.1 is the only access file I have. Seemed strange. I have run rkhunter rootkit detector and I just ran it and everything checked out.

Code:
MD5
MD5 compared: 0
Incorrect MD5 checksums: 0

File scan
Scanned files: 342
Possible infected files: 0

Application scan
Vulnerable applications: 0

Scanning took 385 seconds
But I was wondering since I just installed webalizer and I ran it, and even though my website has been up for 2 years or so, Webalizer only saw this month (3 days or so from my access logs). I thought back in the day when I checked logs (I know I need to install some sort of logchecker, tripwire, etc.) that there were many access.log.# files. Is this something to be concerned about?
 
Old 10-31-2006, 04:05 PM   #2
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

Are you sure you don't have a script that removes logs after a certain time? If not, what's the first date you see in access.log?
 
Old 10-31-2006, 04:20 PM   #3
JerryMcFarts
Member
 
Registered: Mar 2004
Location: Ohio, USA
Distribution: Ubuntu 6.04
Posts: 117

Original Poster
Code:
$ cat /var/log/apache2/access.log
$
So nothing in access.log

Removed everything but dates. These are all the dates:
Code:
[17/Apr/2006:15:23:07 -0400] 
[17/Apr/2006:15:23:07 -0400]
[17/Apr/2006:15:23:07 -0400]
[17/Apr/2006:15:23:07 -0400]
[17/Apr/2006:15:26:20 -0400]
[17/Apr/2006:15:27:03 -0400]
[17/Apr/2006:15:27:05 -0400]
[17/Apr/2006:15:31:02 -0400]
[17/Apr/2006:15:31:02 -0400]
[17/Apr/2006:15:31:04 -0400]
[17/Apr/2006:15:23:07 -0400]
[17/Apr/2006:15:26:20 -0400]
[17/Apr/2006:15:27:03 -0400]
[17/Apr/2006:15:31:02 -0400]
[17/Apr/2006:15:31:02 -0400]
[17/Apr/2006:15:31:02 -0400]
[17/Apr/2006:15:31:02 -0400]
That was access.log.1

Code:
$ date
Tue Oct 31 17:24:38 EST 2006
I am confused..
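
Added example (not part of the original posts): one way to answer the "first date" question from post #2 for any access log, reporting the first and last timestamp, lines whose time jumps backwards, and how old the newest entry is. The sample lines reuse timestamps posted above with constructed request fields; the 60-second tolerance and 7-day staleness threshold are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Matches the bracketed timestamp field of Apache's common/combined log format.
TS_RE = re.compile(r"\[(\d{2}/[A-Za-z]{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"  # %b assumes an English/C locale

def parse_timestamps(lines):
    """Yield (line_number, aware datetime) for each line carrying a timestamp."""
    for n, line in enumerate(lines, 1):
        m = TS_RE.search(line)
        if m:
            yield n, datetime.strptime(m.group(1), TS_FMT)

def summarize(lines, now, tolerance=timedelta(seconds=60), max_age=timedelta(days=7)):
    """Report coverage of one log: first/last entry, backward jumps, staleness."""
    stamps = list(parse_timestamps(lines))
    if not stamps:  # an empty log, like the access.log shown in the thread
        return {"entries": 0, "first": None, "last": None,
                "backward_jumps": [], "age_days": None, "stale": True}
    times = [t for _, t in stamps]
    # A line is a backward jump when it is older than the line before it by
    # more than the tolerance (assumed value; slow requests can reorder slightly).
    jumps = [n for (n, cur), prev in zip(stamps[1:], times) if prev - cur > tolerance]
    age = now - max(times)
    return {"entries": len(stamps), "first": min(times), "last": max(times),
            "backward_jumps": jumps, "age_days": age.days, "stale": age > max_age}

# Constructed sample: timestamps come from the thread, everything else is made up
# (192.0.2.0/24 is a documentation address range).
SAMPLE = [
    '192.0.2.10 - - [17/Apr/2006:15:23:07 -0400] "GET / HTTP/1.1" 200 512',
    '192.0.2.10 - - [17/Apr/2006:15:31:02 -0400] "GET /a HTTP/1.1" 200 512',
    '192.0.2.10 - - [17/Apr/2006:15:31:04 -0400] "GET /b HTTP/1.1" 200 512',
    '192.0.2.10 - - [17/Apr/2006:15:23:07 -0400] "GET / HTTP/1.1" 200 512',
    '192.0.2.10 - - [17/Apr/2006:15:26:20 -0400] "GET /c HTTP/1.1" 200 512',
]
# The time printed by `date` in the thread (EST is UTC-5).
NOW = datetime(2006, 10, 31, 17, 24, 38, tzinfo=timezone(timedelta(hours=-5)))

if __name__ == "__main__":
    for key, value in summarize(SAMPLE, NOW).items():
        print(f"{key}: {value}")
```

To run it against a real file, pass the open file object as `lines` and `datetime.now(timezone.utc)` as `now`.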
 
Old 11-01-2006, 06:32 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

If you have suspicions it's best to get clarity, "the right way". That means focussing on the whole of the box. Work your way through this: Intruder Detection Checklist (CERT): http://www.cert.org/tech_tips/intrud...checklist.html.
If this turns up nothing then at least you can work on the Apache issue knowing the box is clean.
 
Old 11-01-2006, 01:28 PM   #5
Mara
Moderator
 
Registered: Feb 2002
Location: Grenoble
Distribution: Debian
Posts: 9,696

You mean that the only dates you have are dates from April? That would require quite detailed investigation...
 
  


All times are GMT -5. The time now is 05:05 AM.
