secure log question
Manuel Arostegui Ramirez
manuel at todo-linux.com
Fri Aug 18 16:04:20 UTC 2006
El Viernes, 18 de Agosto de 2006 17:35, Bret Stern escribió:
> What is this process/session from the log "secure" on Fedora 5?
>
> Aug 16 04:02:09 servant su: pam_unix(su:session): session opened for user
> beagleindex by (uid=0)
Don't worry about beagleindex.
Think of it as like updatedb. I've read some sites where said that it
"ransacks personal data" which frankly kind of creeped me out.
I really don't know.
I decided to delete its account on my system ;-)
>
>
> What log is the best place to look for malicious
> connections?
>
> B Stern
By default, system log is /var/log/messages
You should use /var/log/secure to find out which connections have been made to
your system.
Every service, like Apache, proftpd...have their own logs.
Furthermore, if you have configured iptables to log some connections, look at
it too.
Hope that helps.
--
Manuel Arostegui Ramirez.
Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
More information about the redhat-list
mailing list