[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: secure log question



El Viernes, 18 de Agosto de 2006 17:35, Bret Stern escribió:
> What is this process/session from the log "secure" on Fedora 5?
>
> Aug 16 04:02:09 servant su: pam_unix(su:session): session opened for user
> beagleindex by (uid=0)

Don't worry about beagleindex.
Think of it as like updatedb. I've read some sites where said that it
"ransacks personal data" which frankly kind of creeped me out.
I really don't know.

I decided to delete its account on my system ;-)

>
>
> What log is the best place to look for malicious
> connections?
>
> B Stern

By default, system log is /var/log/messages
You should use /var/log/secure to find out which connections have been made to 
your system.
Every service, like Apache, proftpd...have their own logs.
Furthermore, if you have configured iptables to log some connections, look at 
it too.

Hope that helps.
-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.



[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]