21 Oct
2004
21 Oct
'04
3:52 p.m.
Quoting Matt Graham linux@bizniche.com:
My secure log (below) seems to indicate that someone is trying to hack into one of my Linux servers.
Where does one find a security log on their system, and how does one monitor it for possible problems?
On Red Hat systems, /var/log/secure. Red Hat also comes with a logrotate system that rotates the logs weekly and keeps the old ones around for 4 weeks. And there's a logwatch application that will send unusual or previously unseen entries to the root account. I'm sure all of this is highly configurable, but the default setup has been fine for my needs.
-- Dave Hull http://insipid.com