19.1 Check Your /var/log Logs

Many Linux daemons and other important programs (and the kernel) keep a log file of their activities, and you should scan these log files at least daily for signs of a break-in. Scanning techniques were discussed in detail in Part III, including the use of automatic scanners, such as logcheck, that pick out the entries left by crackers from the thousands of boring routine entries. If your system is on the Internet, you will see cracking attempts at least weekly.

Linux and UNIX have a standard directory where most log files are kept: either /var/log, for distributions such as Red Hat, or /var/adm, for distributions such as Slackware. I always create a symlink from whichever of these exists to the other name so I do not have to worry about this distinction once I have set the system up. (I also do this with the mail directory so that I can always get to it via /usr/mail, even though on Linux it will typically be /var/spool/mail.)
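The following script is an added example, not code from the book. It does the two things this section describes: it makes /var/log and /var/adm (and /var/spool/mail and /usr/mail) interchangeable by symlinking whichever name exists to the other, and it performs a minimal daily-style scan of an sshd log for source addresses with repeated failed logins. The function names, the ROOT prefix (an assumption added so the script can be tried on a scratch directory instead of the real filesystem), the threshold of 3, and the sample log lines are all constructed for the example.

```shell
#!/bin/sh
# Added example (not from the book). Paths are built as "$root/<path>", so
# calling the functions with an empty root acts on the real /var and /usr;
# calling them with a scratch directory lets you try them without root.

# alias_dir ROOT PATH_A PATH_B: whichever of ROOT/PATH_A and ROOT/PATH_B is a
# real directory becomes the symlink target; the other name becomes the link.
# Does nothing if both names already resolve (one is already the link).
alias_dir() {
    root=${1:-}
    a="$root/$2"
    b="$root/$3"
    if [ -d "$a" ] && [ ! -e "$b" ]; then
        mkdir -p "$(dirname "$b")" && ln -s "$a" "$b"
    elif [ -d "$b" ] && [ ! -e "$a" ]; then
        mkdir -p "$(dirname "$a")" && ln -s "$b" "$a"
    elif [ ! -e "$a" ] && [ ! -e "$b" ]; then
        echo "alias_dir: neither $a nor $b exists" >&2
        return 1
    fi
    return 0
}

# link_log_dirs ROOT: the two aliases the section recommends.
link_log_dirs() {
    alias_dir "${1:-}" var/log var/adm &&
    alias_dir "${1:-}" var/spool/mail usr/mail
}

# scan_auth_failures LOGFILE THRESHOLD: print "COUNT ADDRESS" for every
# source address with at least THRESHOLD sshd "Failed password" lines.
# Repeated failures from one address are the typical sign of a password
# guessing attempt that a daily log review should catch.
scan_auth_failures() {
    file=$1
    threshold=${2:-5}
    grep -E 'Failed password' "$file" \
      | grep -oE 'from [0-9.]+' \
      | awk '{print $2}' | sort | uniq -c \
      | awk -v t="$threshold" '$1 >= t {print $1, $2}'
}

# Stand-alone demo on a scratch root so nothing on the real system is touched.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/var/log" "$demo_root/var/spool/mail"
link_log_dirs "$demo_root"
ls -l "$demo_root/var/adm" "$demo_root/usr/mail"
# Constructed sample log lines (syslog format); addresses are documentation/private ranges.
cat > "$demo_root/var/log/secure" <<'EOF'
Mar  3 04:12:01 host sshd[2211]: Failed password for root from 10.0.0.7 port 4410 ssh2
Mar  3 04:12:03 host sshd[2211]: Failed password for root from 10.0.0.7 port 4411 ssh2
Mar  3 04:12:05 host sshd[2211]: Failed password for invalid user admin from 10.0.0.7 port 4412 ssh2
Mar  3 04:13:00 host sshd[2230]: Accepted publickey for alice from 192.0.2.10 port 5000 ssh2
Mar  3 04:14:00 host sshd[2240]: Failed password for bob from 192.0.2.10 port 5001 ssh2
EOF
scan_auth_failures "$demo_root/var/log/secure" 3
rm -rf "$demo_root"
```

On a real system you would run `link_log_dirs ""` once as root after installation, and put `scan_auth_failures /var/log/secure 5` (or whatever file your syslog configuration sends sshd messages to) in a daily cron job that mails you the output; the absolute symlink targets mean the aliases keep working after a reboot, and the scan only reports addresses that cross the threshold, so a quiet day produces no mail.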

Real World Linux Security, Prentice Hall PTR Open Source Technology Series, 2002, 260 pages.