Do something like this as well cat /var/log/auth | grep "Accepted" | grep -v "*see note below*" | mail -s "Login Check" [EMAIL PROTECTED]
*note* Simply replace *see note below* with as much of your own computers usual ip address as you can, i.e., the ip address you get from your isp when connected. e.g. if your connection ip addresses range from 34.75.128.0 to 34.75.129.255, just put in 34.75.12 in the brackets above. What this does is checks to see if anyone besides you has telneted/ssh'ed into the server. Of course, this only works if you are the only person shelling in, and that you have a fairly static ip, and it's not perfect, but it's a start. Works for me anyway! Put that in a shell script in your cron.quarter-hourly, or .hourly, depending on how paranoid you are. Then set up email filters to bin it if it is empty when it comes in. At 02:28 22/03/2002 -0800, you wrote: >Message: 5 >From: Michael Stauber <[EMAIL PROTECTED]> >[snip] >There are other logfiles, which you might find more interesting: > >/var/log/messages General system logfile >/var/log/maillog Logfile for email related issues >/var/log/kernel Logfile for kernel related issues rgds Alan MacDonald -- Webmaster - aceposition.com [EMAIL PROTECTED] +353 51 870 594 _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
