On Tue, 30 Mar 2010, Walter wrote:
> Hi, all. Despite my lack of response (sorry), I've been
> working on a security program. Right now it uses auth.log
> to identify failed login attempts via telnet, ftp, and (of
> course) ssh. I'm planning on "hard coding" this unless
> someone tells me I should look at other log files too.
>
> I'm working on adding a check for the outside IP address
> changing to be able to reload the firewall if it uses it.
> And I'm thinking it'd be good to check if any of the system
> programs are changed - check the date-time stamp and size.
> These sorts of things can be done on a low rate periodic
> interval.
>
> This has become somewhat of a compulsion for me of late,
> partly because I think it's a thing that ought to be, and
> because I'm using it to refresh my programming brain. I
> would appreciate insights. Thanks.
>
> Walter
>
Would setting up 'snort' help?

--
thanks
Saifi.
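The auth.log check described in the quoted message could look like the following. This is an added example, not part of the thread and not Walter's program: it assumes the usual OpenSSH "Failed password" and pam_unix "authentication failure" message formats, and the function names, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# sshd's own failure message (covers both valid and invalid user names).
SSHD_FAIL = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+")
# Generic PAM failure, as logged for services such as login (telnet) or vsftpd.
# A local failure has an empty rhost= field and therefore does not match.
PAM_FAIL = re.compile(
    r"pam_unix\((?P<svc>[\w.-]+):auth\): authentication failure;"
    r".*?\brhost=(?P<ip>\S+)")

def failed_logins(lines):
    """Count remote login failures, keyed by (service, source address)."""
    hits = Counter()
    for line in lines:
        m = SSHD_FAIL.search(line)
        if m:
            hits[("sshd", m["ip"])] += 1
            continue
        m = PAM_FAIL.search(line)
        # sshd also emits a pam_unix line per attempt; skip it so one
        # failed ssh login is not counted twice.
        if m and m["svc"] != "sshd":
            hits[(m["svc"], m["ip"])] += 1
    return hits

def offenders(lines, threshold=3):
    """Addresses whose failures, summed over all services, reach threshold."""
    per_ip = Counter()
    for (_svc, ip), n in failed_logins(lines).items():
        per_ip[ip] += n
    return sorted(ip for ip, n in per_ip.items() if n >= threshold)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE = [
    "Mar 30 10:01:02 host sshd[1201]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.5  user=root",
    "Mar 30 10:01:04 host sshd[1201]: Failed password for root from 203.0.113.5 port 4242 ssh2",
    "Mar 30 10:01:09 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 4243 ssh2",
    "Mar 30 10:02:00 host vsftpd: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=bob rhost=203.0.113.5",
    "Mar 30 10:03:00 host login[1300]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/pts/1 ruser= rhost=198.51.100.7  user=walter",
    "Mar 30 10:04:00 host sshd[1210]: Accepted password for walter from 192.0.2.10 port 5000 ssh2",
]

if __name__ == "__main__":
    print(failed_logins(SAMPLE))
    print(offenders(SAMPLE))
```

Summing per address across services catches a source that spreads its attempts over ssh, ftp and telnet and would stay under a per-service threshold.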
