[plug] /var/log/secure reporting

Russell Steicke r.steicke at bom.gov.au
Mon Aug 8 11:06:42 WST 2005


On Mon, Aug 08, 2005 at 10:46:26AM +0800, Senectus . wrote:
> I've been marvelling at the scripted login attempts of my
> router/webserver/firewall box at home and It occurred to me that If I
> could get some sort of script to post successful login's for the past
> 2 weeks as a MoTD when I ssh into it I'd feel a lot happier.
> 
> Anyone think of a simple way to do this?

You could use sysnews with a script to extract stuff from /var/log and
write to /var/lib/sysnews.  Then run news (nothing to do with usenet)
in your .bash_profile or .bash_login.  The news command will only show
you the files in /var/lib/sysnews that were created after you last
read news.

Of course, if your attacker wanders around your system and sees that
this is occurring, you may not see the log entries you're after
anyway.


-- 
Russell Steicke

-- Fortune says:
I love treason but hate a traitor.
		-- Gaius Julius Caesar



More information about the plug mailing list