Ubuntu auth.log

waqaskhawaja · Post by **waqaskhawaja** » Sun Feb 11, 2007 1:35 am

Since the last two days, auth.log of an Ubuntu machine I ssh into has stopped updating. The last login displayed is two days old and it does not show any current logins. I have already gone through sshd.conf. Any idea where shall I start?

Post by **lambda** » Sun Feb 11, 2007 1:42 am

restart syslogd, maybe?

or, apt-get install chkrootkit and use it.

waqaskhawaja · Post by **waqaskhawaja** » Sun Feb 11, 2007 2:42 am

Thanks.

Nothing found by chkrootkit and syslogd restart solved the problem. I, however, find two logins by an unknown ip just before auth.log stopped working. May be it is time I start learning snort.

Post by **lambda** » Sun Feb 11, 2007 5:24 pm

i found something else that can help: debsums. install it using apt-get, and then run "debsums -as".