[plug] /var/log/secure reporting

Adam Davin byteme-its at westnet.com.au
Mon Aug 8 15:52:30 WST 2005


G'day all,

On Mon, 8 Aug 2005 14:37:52 +0800
"Shannon Carver" <Shannon.Carver at P-S-T.COM.AU> wrote:

> Ah, ok.. I got that wrong.  
> 
> -----Original Message-----
> From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
> Behalf Of Senectus .
> Sent: Monday, 8 August 2005 2:25 PM
> To: plug at plug.org.au
> Subject: Re: [plug] /var/log/secure reporting
> 
> On 8/8/05, Shannon Carver <Shannon.Carver at p-s-t.com.au> wrote:
> > This is true.  On my external SSH box at work, I get x,000's of
> > connection attempts a day, from a whole range of IPs, with no
> > apparent correlation between connect attempts, source address, time
> > of attempt etc etc.  There's nothing that can really be done about
> > this, bar restricting the hosts able to connect to the box to only
> > known IPs, and using secure passwords or keys to connect.
> > 
> > What I'm saying is, preventing the problem from occurring in the
> > first place is probably better than having an motd which prints out
> > 5 pages of failed login attempts each time you log in.
> > 
> Not Failed.. I want the MoTD to show SUCCESSFUL Attempts.
> 
I started on the book "Hardening Linux" <various authors> McGraw Hill
ISBN 0-07-225497-1. ~$70.00
One of the things they mentioned in there is that if the hacker /
cracker knows what they are doing, there will most likely not be any
record of the login, as it will have been deleted from the logs. Thus
looking for a logout without a matching login may also speak mountains.

Just a thought. 

Regards, 

-- 

Adam Davin
Byteme IT Services
Mob: 0422 893 898
Email: byteme-its at westnet.com.au
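
The check suggested in the message above (a logout with no matching login), as an added example that is not part of the original post. It assumes sshd writes PAM "session opened" / "session closed" lines to /var/log/secure; the function name and the sample log lines are constructed for illustration.

```python
import re

# Accepts both "sshd[2211]: pam_unix(sshd:session): session opened ..." and
# the older "sshd(pam_unix)[2211]: session opened ..." layout.
SESSION_RE = re.compile(
    r"sshd\S*\[(?P<pid>\d+)\]:.*"
    r"session (?P<event>opened|closed) for user (?P<user>\S+)"
)

def orphan_logouts(lines):
    """Return (pid, user, line) for every 'session closed' entry that has
    no earlier 'session opened' entry for the same sshd PID and user."""
    open_sessions = set()
    orphans = []
    for line in lines:
        m = SESSION_RE.search(line)
        if not m:
            continue  # failed logins and other noise are not session events
        key = (m.group("pid"), m.group("user"))
        if m.group("event") == "opened":
            open_sessions.add(key)
        elif key in open_sessions:
            open_sessions.remove(key)  # normal login/logout pair
        else:
            orphans.append((key[0], key[1], line.rstrip()))
    return orphans

# Constructed sample input, not taken from a real host.
SAMPLE_LOG = """\
Aug  8 14:01:12 gw sshd[2211]: pam_unix(sshd:session): session opened for user alice by (uid=0)
Aug  8 14:03:40 gw sshd[2250]: Failed password for invalid user test from 192.0.2.7 port 4011 ssh2
Aug  8 14:20:09 gw sshd[2290]: pam_unix(sshd:session): session closed for user root
Aug  8 14:30:02 gw sshd[2211]: pam_unix(sshd:session): session closed for user alice
Aug  8 14:41:55 gw sshd[2301]: pam_unix(sshd:session): session opened for user carol by (uid=0)
Aug  8 14:50:31 gw sshd(pam_unix)[2350]: session closed for user dave
"""

if __name__ == "__main__":
    for pid, user, line in orphan_logouts(SAMPLE_LOG.splitlines()):
        print(f"logout without login: user={user} pid={pid}\n  {line}")
```

A session that was opened before the first line supplied also shows up as an orphan, so feed rotated logs oldest first before treating a hit as suspicious.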


