SUSE / openSUSE: This forum is for the discussion of Suse Linux.
My friend claims he hacked me, as a joke. I don't know if he's serious or not, but it got me thinking; I never considered looking at the firewall logs before.
I checked them out, but I'm not sure which ones are actually the firewall logs, and in the logs, what do I look for that indicates an attack or someone probing my machine?
I am not sure and it would be good to know this information. I am using SuSE 9.1. Thanks
Are you running SuSEfirewall2 with all its default settings, and have you selected the correct external interface?
--- If yes, your friend is pulling your leg, unless you have an internal wireless LAN.
--- Else, post your firewall settings.
Firewall logs can be found in "/var/log/messages", but without extra logging turned on there may be nothing there to find.
With an always-on connection:
Logging all dropped packets will generate at least 500 lines a day, sometimes many thousands, depending on virus & worm activity.
Logging all packets will generate all of the above + your activity + whatever (in short, it will log everything to and from).
I run with "Log all dropped packets" and forward my logs to http://www.dshield.org/ in an effort to clean up the net.
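As an added example that is not part of the original thread: a Python sketch of what to look for in /var/log/messages once dropped-packet logging is on, grouping drops by source address and flagging any source that tried many different ports. The log lines are constructed, and the "SFW2-INext-DROP-DEFLT" prefix and the `scan_ports` threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of /var/log/messages. The "SFW2-INext-DROP-DEFLT" prefix is an
# assumption about what SuSEfirewall2 writes for dropped inbound packets; the
# KEY=value fields after it are the standard netfilter LOG format.
SAMPLE_LOG = """\
Jun  1 10:00:01 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=4001 DPT=135 SYN
Jun  1 10:00:01 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=4002 DPT=139 SYN
Jun  1 10:00:02 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=4003 DPT=445 SYN
Jun  1 10:00:02 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TTL=110 PROTO=TCP SPT=4004 DPT=1433 SYN
Jun  1 10:03:40 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TTL=52 PROTO=TCP SPT=2201 DPT=445 SYN
Jun  1 10:03:43 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TTL=52 PROTO=TCP SPT=2201 DPT=445 SYN
Jun  1 10:05:00 linux kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= SRC=198.51.100.77 DST=198.51.100.5 LEN=84 TTL=60 PROTO=ICMP TYPE=8 CODE=0
Jun  1 10:06:12 linux sshd[2211]: Accepted password for user from 192.0.2.50 port 4022 ssh2
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")

def parse_drop(line, prefix="SFW2-"):
    """Return the KEY=value fields of one firewall drop line, or None for any other line."""
    if "kernel:" not in line or prefix not in line or "DROP" not in line:
        return None
    fields = dict(FIELD_RE.findall(line))
    return fields if "SRC" in fields else None

def summarise(lines, scan_ports=4):
    """Group drops by source IP; a source that tried >= scan_ports distinct ports is a likely scan."""
    seen = defaultdict(lambda: {"packets": 0, "ports": set()})
    for line in lines:
        fields = parse_drop(line)
        if fields is None:
            continue
        entry = seen[fields["SRC"]]
        entry["packets"] += 1
        if fields.get("DPT", "").isdigit():  # ICMP drops carry no destination port
            entry["ports"].add(int(fields["DPT"]))
    report = [(src, e["packets"], sorted(e["ports"]), len(e["ports"]) >= scan_ports)
              for src, e in seen.items()]
    return sorted(report, key=lambda row: (-row[1], row[0]))

if __name__ == "__main__":
    # On a real system, pass open("/var/log/messages") instead of the sample.
    for src, packets, ports, scan in summarise(SAMPLE_LOG.splitlines()):
        print(f"{src:15} packets={packets:3} ports={ports} {'LIKELY PORT SCAN' if scan else ''}")
```

One source walking across many closed ports in a short time is the probing pattern; a single port hit a couple of times is the ordinary worm background noise mentioned above.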
Thanks for the info, m_shroom. I do have the firewall set on its default settings. In your opinion, is it a good firewall? I know this is subjective, but I was wondering what your opinion is; I see very little discussion on this firewall. I've got no internal network running, so that makes me less vulnerable? Anyhow, thanks for the response.
If you have downloaded and installed all of the security updates from SuSE (online update), your system would be very hard to hack. With SuSEfirewall2 running in its default configuration (all ports closed or hidden), it's all but impossible to hack over the net.
Yeah, SuSE firewall's actually pretty good. The logging issue bothered me though. If you read through your root mail (either after install or after a SuSE firewall update, I can't remember, it's been a while), you'll find that they opted to turn firewall syslog off.
The mail will instruct you on how to edit the syslog file and what to do to turn the firewall log back on.
I posted a how-to on this issue a while ago on this site; if you search you'll probably find it.
Yeah, he's running Windows. I'm pretty confident that SuSE is hard to crack, but still, I used to use Sygate firewall in Windows and I liked its alerts; it showed graphically and in logs if people were doing port scans and whatnot, if there were major intrusions.
Exactly, I was hoping that I could have a graph show intrusion attempts running in the taskbar that I can go to, instead of having to comb through logs at some later date. If someone is hammering my PC with intrusion attempts I want to know about it and where the IP is coming from.
So has anyone found real-time intrusion detection software that runs well on SuSE, preferably with a nice GUI? It would be nice to know if some script kiddie is trying to hack his way into the system...
If anything, use your Synaptic to find Nessus. I'm sure if you use Nessus and set it up right, you can scan your friend and tell him what's wrong with his Windows machine.