Ubuntu auth.log

Protecting your Linux box
waqaskhawaja
Lance Naik
Posts: 44
Joined: Thu Aug 31, 2006 8:52 pm
Location: Lahore Pakistan
Contact:

Ubuntu auth.log

Postby waqaskhawaja » Sun Feb 11, 2007 1:35 am

Since the last two days, auth.log of an Ubuntu machine I ssh into has stopped updating. The last login displayed is two days old and it does not show any current logins. I have already gone through sshd.conf. Any idea where shall I start?

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sun Feb 11, 2007 1:42 am

restart syslogd, maybe?

or, apt-get install chkrootkit and use it.

waqaskhawaja
Lance Naik
Posts: 44
Joined: Thu Aug 31, 2006 8:52 pm
Location: Lahore Pakistan
Contact:

Postby waqaskhawaja » Sun Feb 11, 2007 2:42 am

Thanks.

Nothing found by chkrootkit and syslogd restart solved the problem. I, however, find two logins by an unknown ip just before auth.log stopped working. May be it is time I start learning snort.

lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Postby lambda » Sun Feb 11, 2007 5:24 pm

i found something else that can help: debsums. install it using apt-get, and then run "debsums -as".


Return to “Security”

Who is online

Users browsing this forum: No registered users and 2 guests