Ubuntu auth.log

Protecting your Linux box

Ubuntu auth.log

Postby waqaskhawaja » Sun Feb 11, 2007 1:35 am

Since the last two days, auth.log of an Ubuntu machine I ssh into has stopped updating. The last login displayed is two days old and it does not show any current logins. I have already gone through sshd.conf. Any idea where shall I start?
waqaskhawaja
Lance Naik
 
Posts: 44
Joined: Thu Aug 31, 2006 8:52 pm
WLM: w_kh@hotmail.com
Yahoo Messenger: waqas.khawaja@yahoo.com
Location: Lahore Pakistan

Postby lambda » Sun Feb 11, 2007 1:42 am

restart syslogd, maybe?

or, apt-get install chkrootkit and use it.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

Postby waqaskhawaja » Sun Feb 11, 2007 2:42 am

Thanks.

Nothing found by chkrootkit and syslogd restart solved the problem. I, however, find two logins by an unknown ip just before auth.log stopped working. May be it is time I start learning snort.
waqaskhawaja
Lance Naik
 
Posts: 44
Joined: Thu Aug 31, 2006 8:52 pm
WLM: w_kh@hotmail.com
Yahoo Messenger: waqas.khawaja@yahoo.com
Location: Lahore Pakistan

Postby lambda » Sun Feb 11, 2007 5:24 pm

i found something else that can help: debsums. install it using apt-get, and then run "debsums -as".
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron