Hi, all. Despite my lack of response (sorry), I've been working on a security program. Right now it uses auth.log to identify failed login attempts via telnet, ftp, and (of course) ssh. I'm planning on "hard coding" this unless someone tells me I should look at other log files too.
I'm working on adding a check for whether the outside IP address has changed, to be able to reload the firewall if it uses it. And I'm thinking it'd be good to check if any of the system programs are changed - check the date-time stamp and size. These sorts of things can be done on a low-rate periodic interval. This has become somewhat of a compulsion for me of late, partly because I think it's a thing that ought to be, and because I'm using it to refresh my programming brain. I would appreciate insights. Thanks.
Walter
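
The auth.log pass described in the post above, sketched as an added example that is not part of the original post or Walter's program. It assumes the usual Linux syslog formats for sshd "Failed password" and pam_unix "authentication failure" lines, and that ftp and telnet log through the PAM services `vsftpd` and `login`; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in common Linux auth.log formats (not from the post).
SAMPLE_LOG = """\
Mar  3 10:15:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Mar  3 10:15:03 host sshd[2101]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7  user=root
Mar  3 10:15:04 host sshd[2101]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar  3 10:16:40 host vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=bob rhost=198.51.100.9
Mar  3 10:17:12 host login[2250]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/2 ruser= rhost=192.0.2.55  user=walter
Mar  3 10:18:00 host sshd[2300]: Accepted password for walter from 192.0.2.10 port 51514 ssh2
Mar  3 10:18:30 host sshd[2310]: Failed password for root from 203.0.113.7 port 40100 ssh2
"""

# Greedy ".*" plus the "$" anchor takes the LAST "from <ip> port <n> ssh2", so a
# crafted username containing " from 10.0.0.1 port 1 ssh2" cannot spoof the source.
SSH_FAIL = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$")
# PAM services (assumed: vsftpd for ftp, login for telnet); best-effort on rhost=.
PAM_FAIL = re.compile(r"pam_unix\((\w+):auth\): authentication failure;.*\brhost=(\S+)")

def failed_logins(lines):
    """Count remote authentication failures per (service, source address)."""
    counts = Counter()
    for line in lines:
        m = SSH_FAIL.search(line)
        if m:
            counts[("sshd", m.group(1))] += 1
            continue
        m = PAM_FAIL.search(line)
        # sshd also emits a pam_unix line for the same attempt; skip it so one
        # attempt is not counted twice. An empty rhost (local console) never matches.
        if m and m.group(1) != "sshd":
            counts[(m.group(1), m.group(2))] += 1
    return counts

def offenders(counts, threshold=3):
    """Addresses whose failures, summed over all services, reach the threshold."""
    per_ip = Counter()
    for (_service, ip), n in counts.items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

if __name__ == "__main__":
    counts = failed_logins(SAMPLE_LOG.splitlines())
    for (service, ip), n in sorted(counts.items()):
        print(f"{service:8} {ip:15} {n}")
    print("over threshold:", offenders(counts))
```
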
