Log in or Sign up

Logs to check

Discussion in 'Security' started by argothiusz, May 27, 2008.

argothiusz Well-Known Member

Messages:

1,500

Likes Received:

79

Best Answers:

0

Trophy Points:

140

#1

What logs do I have to check daily?
I am currently moderating /var/log/secure and /var/log/message

Also I got this kind of message from my CSF?

82.47.211.221 # lfd: 5 (htpasswd) login failures from 82.47.211.221 - Sat May 24 14:02:17 2008
86.60.144.57 # lfd: 5 (htpasswd) login failures from 86.60.144.57 - Sat May 24 14:02:34 2008
75.8.236.20 # lfd: 5 (smtpauth) login failures from 75.8.236.20 - Sun May 25 13:58:44 2008
Click to expand...

What does that mean? is the user with SMPAUTH try to access my webmail? and the person with htpasswd is trying to access my CPANEL?

argothiusz, May 27, 2008 IP
CodyRo Peon

Messages:

365

Likes Received:

15

Best Answers:

0

Trophy Points:

0

#2

argothiusz said: ↑

What logs do I have to check daily?
I am currently moderating /var/log/secure and /var/log/message

Also I got this kind of message from my CSF?

What does that mean? is the user with SMPAUTH try to access my webmail? and the person with htpasswd is trying to access my CPANEL?
Click to expand...

Varies depending on what daemons / processes are running.. I would personally install some sort of rootkit checker and such (chkrootkit) and check those logs. Basically you're looking at the 'vanilla' logs and need to see what's running / what could be interesting / useful in viewing (FTP, etc).

And yes you're correct about the CSF logs.

CodyRo, May 27, 2008 IP

(You must log in or sign up to reply here.)