----- Original Message -----
From: "Vince McHugh" <[EMAIL PROTECTED]>
To: "NH Linux User Group" <[EMAIL PROTECTED]>
Sent: Monday, July 09, 2001 12:27 AM
Subject: Linux Security - Which Logs?


>   Can you tell me which logs you check on a regular
> basis or if you think a box has been compromised?
>   If possible can you give me the exact name and
> location of the logs (I'm running SUSE 7.1 if that
> changes things).
>
Most (many?) applications by default log to /var/log. You need to check the
applications you use to see where they log messages and errors. Many times
they can be changed, if desired.

I check /var/log/messages, since many network and kernel messages show up
here. I also run sendmail, so I check /var/log/maillog every day, to make
sure that I'm the only one actually using it!

Many applications will also email a particular account if there's an error.
You should determine where the log files reside for all the services you
run, such as mail services, web servers, etc. and check them regularly.

I also check running tasks with gtop, to make sure there is nothing there
that shouldn't be. I'm sure others who use Linux more than I do will offer
other (better) suggestions for monitoring your system.

Rich Cloutier
SYSTEM SUPPORT SERVICES
www.sysupport.com
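
An added example, not part of the original message: one way to script the daily /var/log/maillog check described in the reply above (confirming nobody else is using the mail server), assuming the usual sendmail syslog record layout. The function names, allowlist values and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list hosts that handed mail to sendmail but are not on an
# allowlist. On a real box: unexpected_relays 127.0.0.1 < /var/log/maillog

# Reads sendmail log lines on stdin; arguments are the relay values you expect.
# Prints "relay messages recipients" for every other relay, sorted.
unexpected_relays() {
    awk -v allow="$*" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Only "from=" records describe a message being accepted for delivery.
        /sendmail\[/ && / from=/ {
            if (!match($0, /relay=[^,]*/)) next
            val = substr($0, RSTART + 6, RLENGTH - 6)
            # Key on the bracketed address when present, else the whole value
            # (local submissions are logged as relay=user@localhost).
            i = index(val, "["); j = index(val, "]")
            relay = (i > 0 && j > i) ? substr(val, i + 1, j - i - 1) : val
            if (relay in ok) next
            rc = 0
            if (match($0, /nrcpts=[0-9]+/)) rc = substr($0, RSTART + 7, RLENGTH - 7) + 0
            msgs[relay]++; rcpts[relay] += rc
        }
        END { for (r in msgs) printf "%s %d %d\n", r, msgs[r], rcpts[r] }
    ' | sort
}

# Constructed sample records (documentation addresses, made-up queue ids).
sample_maillog() {
    cat <<'EOF'
Jul  9 00:12:01 mail sendmail[1201]: f694C1a01201: from=<rich@example.com>, size=812, class=0, pri=30812, nrcpts=1, msgid=<a1@example.com>, proto=ESMTP, relay=localhost [127.0.0.1]
Jul  9 00:12:02 mail sendmail[1203]: f694C1a01201: to=<bob@example.org>, delay=00:00:01, mailer=esmtp, relay=mx.example.org. [192.0.2.10], stat=Sent
Jul  9 01:05:40 mail sendmail[1544]: f6955ea01544: from=rich, size=140, class=0, pri=30140, nrcpts=1, msgid=<c3@example.com>, relay=rich@localhost
Jul  9 03:40:11 mail sendmail[2210]: f697eBa02210: from=<x@example.net>, size=2048, class=0, pri=32048, nrcpts=40, msgid=<b2@example.net>, proto=SMTP, relay=[203.0.113.45]
Jul  9 03:40:19 mail sendmail[2214]: f697eJa02214: from=<x@example.net>, size=2051, class=0, pri=32051, nrcpts=25, msgid=<b3@example.net>, proto=SMTP, relay=[203.0.113.45]
EOF
}

# Run against the sample with the two expected submitters allowed.
sample_maillog | unexpected_relays 127.0.0.1 rich@localhost
```

Any line this prints is a host that submitted mail without being on the list; a high recipient count from an unfamiliar address is the usual sign the server is being used as a relay.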

