LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-09-2007, 10:34 PM   #1
cirman
LQ Newbie
 
Registered: Dec 2003
Location: New Zealand
Distribution: Fedora 9, 10 live CD
Posts: 23

Rep: Reputation: 15
security log FC5 stops running -howto restart?


Checking logs I find that Fedora 5 security log has stopped running. Can it be restarted from the command line? Other logs and message log are running up to today.
 
Old 02-10-2007, 12:59 AM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hey Cirman,
How do you understand that the security log has stopped? Do you see something in your other logs that syslog has stopped?

Also you mention that the other logs are running properly. That means syslog looks to be running properly.Where are you looking to confirm this?

Please post the output of the following commands here:

Code:
who -r
cat /etc/syslog.conf
ps aux | grep syslog
chkconfig --list | grep syslog
By default I believe a lot of the security logs get logged to /var/log/secure. So each time say you log in to your box you should get a line in /var/log/secure , something like this:

Code:
[root@snort log]# grep secure /etc/syslog.conf
authpriv.*                                              /var/log/secure
[root@snort log]# grep secure /etc/syslog.conf
authpriv.*                                              /var/log/secure
[root@snort log]# ll /var/log/secure*
-rw-------    1 root     root           98 Feb 10 12:19 /var/log/secure
-rw-------    1 root     root          192 Feb  3 17:49 /var/log/secure.1
-rw-------    1 root     root          982 Jan 27 18:14 /var/log/secure.2
-rw-------    1 root     root          175 Jan 20 12:51 /var/log/secure.3
-rw-------    1 root     root            0 Jan  7 04:02 /var/log/secure.4
[root@snort log]# cat /var/log/secure
Feb 10 12:19:15 snort sshd[27158]: Accepted password for root from 10.41.42.192 port 1482 ssh2
[root@snort log]#
Are you getting anything like this? If not you might want to try and restart syslog from the command line using:
Code:
service syslog restart
and see if that helps.

Post back if you're still having problems.

Cheers
Arvind
 
Old 02-10-2007, 02:51 PM   #3
cirman
LQ Newbie
 
Registered: Dec 2003
Location: New Zealand
Distribution: Fedora 9, 10 live CD
Posts: 23

Original Poster
Rep: Reputation: 15
security log FC5 - stopped?

Thanks for your reply Arvind. I am guessing it has stopped - there have been no entries since 13 January 2007, yet prior to that date an entry appeared on a regular basis - sometimes more than one a day. It is the same with syslog which has entries appearing every day. I just suspected I had been hacked an a vital log stopped from outside.... Some of the entries I see do not mean very much too me yet, but I am making progress having successfully stopped pinging to my desktop and getting a full 'stealth report' from grc.com for what it is worth. I just go to Administration link and open 'systems log' tab - I then see the text in a panel. That is not using the Command line but desktop graphic interface.
 
  


Reply

Tags
syslog


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
FC5 Install stops after anaconda loads... avaleriu Fedora - Installation 3 11-14-2006 01:14 AM
FC5 restart httpd stops mysql dradept Linux - Newbie 2 11-12-2006 03:10 AM
howto start ntpdate after restart ? cccc Debian 4 08-13-2006 06:57 PM
HOWTo restart downloading with wget ashwin_cse Red Hat 5 08-26-2004 10:07 AM
How to restart the group security? explorer1979 Linux - Security 0 09-02-2001 10:17 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 10:28 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration