__/ [Hossain] on Saturday 14 January 2006 06:34 \__
> Roy Schestowitz wrote:
>
>> __/ [Hossain] on Saturday 14 January 2006 03:57 \__
>>
>>> Folks
>>> Wondering how to check the login/attempted login record.
>>> Searching over google tells it has something to do /var/log/wtmp
>>> but couldn't figure out.
>>>
>>> Thanks for the info
>>> masrur
>>
>> What could you not figure out specifically? Are all the login records
>> there? There appear to be many in compressed files, along the most recent
>> batch which is uncompressed. They are not very easily readable, but the
>> username and other details are all there and can be viewed in a text
>> editor.
>>
>> Have you tried running 'last' yet? It might prove useful in this
>> circumstance, depending on how far back you wish to explore. It only lists
>> successful logins though.
>>
>> Roy
>
> Thanks Roy, actually I used "last" but as you mentioned, it only lists
> successful logins, list of unsuccessful login attempts would give an
> idea how frequently there is a hacking attempt.
>
> thanks
Just choose good password and particularly a good root password. Also see:
/var/log/faillog
These are barely readable, but everything is there. I wonder if there is a
tool which parses and interprets such logs.
In SuSE 9.3 I noticed that YaST includes excellent firewall facilities. You
could restrict remote access to only a few IP addresses that you use or can
trust.
Best wishes,
Roy
|
|
