19.1 Check Your /var/log Logs

Many Linux daemons and other important programs (and the kernel) keep a log file of their activities, and you should scan these log files at least daily for signs of a break-in. Scanning techniques were discussed in detail in Part III, including the use of automatic scanners, such as logcheck, that will pick out entries resulting from crackers from among the thousands of boring routine entries. If your system is on the Internet, you will see cracking attempts at least weekly. Linux and UNIX have a standard directory where most log files are kept: either /var/log for distributions such as Red Hat, or /var/adm for distributions such as Slackware. I always create a symlink from whichever of these exists to the other name so I do not have to worry about this distinction once I set the system up. (I also do this with the mail directory so that I can always get to it via /usr/mail, even though typically it will be /var/spool/mail on Linux.)
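The following is an added example, not code from the book, of the daily log scan this section recommends: it throws away lines that match known-routine patterns and reports whatever is left, which is the same idea logcheck applies on a much larger rule set. The sample log lines are constructed for the example, and the routine and alert patterns are assumptions to be tuned for your own system; the log_dir helper only locates whichever of /var/log or /var/adm the distribution uses and does not create the symlink mentioned above.

```shell
#!/bin/sh
# Added example (not from the book): a minimal logcheck-style daily scan.
# Routine lines are filtered out first; what survives is shown, de-duplicated,
# with timestamps stripped so repeated attempts collapse into one counted line.
# All patterns are assumptions for illustration; extend them for your hosts.

# write_sample FILE: write constructed /var/log/messages-style lines to FILE.
write_sample() {
    cat > "$1" <<'EOF'
Mar  3 04:02:01 host CRON[1201]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 04:02:15 host sshd[1310]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Mar  3 04:03:09 host sshd[1322]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
Mar  3 04:03:11 host sshd[1322]: Failed password for invalid user admin from 198.51.100.7 port 41022 ssh2
Mar  3 04:04:44 host su: pam_unix(su:auth): authentication failure; logname=bob uid=1001 euid=0 tty=pts/1 ruser=bob rhost=  user=root
Mar  3 04:05:00 host kernel: Possible SYN flooding on port 80. Sending cookies.
Mar  3 04:10:01 host CRON[1400]: (root) CMD (run-parts /etc/cron.hourly)
EOF
}

# Lines matching these extended regexes are routine noise and are discarded.
ROUTINE_PATTERNS='CRON\[[0-9]+\]: \(root\) CMD|sshd\[[0-9]+\]: Accepted publickey'

# Lines matching these deserve a human's attention.
ALERT_PATTERNS='Failed password|invalid user|authentication failure|SYN flooding'

# scan_log FILE: print the interesting lines with syslog timestamps removed,
# each distinct line prefixed by how many times it occurred, most frequent first.
scan_log() {
    grep -Ev "$ROUTINE_PATTERNS" "$1" | grep -E "$ALERT_PATTERNS" \
        | sed -E 's/^[A-Z][a-z]{2} +[0-9]+ [0-9:]{8} //' \
        | sort | uniq -c | sort -rn
}

# count_alerts FILE: number of distinct suspicious lines; handy for a cron job
# that only mails you when the count is non-zero.
count_alerts() {
    scan_log "$1" | wc -l | tr -d ' '
}

# log_dir: print whichever standard log directory this distribution uses.
log_dir() {
    for d in /var/log /var/adm; do
        if [ -d "$d" ]; then
            echo "$d"
            return 0
        fi
    done
    return 1
}

# Usage: run against the constructed sample (in real use, "$(log_dir)/messages").
sample=$(mktemp)
write_sample "$sample"
echo "Suspicious entries in $sample:"
scan_log "$sample"
echo "Distinct suspicious lines: $(count_alerts "$sample")"
rm -f "$sample"
```

The two identical sshd failures collapse into one line with a count of 2, so a burst of guesses against one account shows up as a single entry with a high count rather than pages of repeats; the su failure and the kernel SYN-flood warning each appear once, giving three distinct lines to look at.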