
[SUMMARY]: Re: SV: Hmm,, what is "secure.offset"?



it's the logcheck package, which checks your log files every so often, and
sends mail (or alerts sysadmin otherwise) about unusual system events
(conceptually, i suppose, similar to swatch).  in order to keep track of
exactly how much of your log files it has already checked, it needs to
keep a time-stamp, which is what you are seeing.

> >> I have had my RedHat 5.0 server out on the Internet for a while and it has been running smoothly all the time.
> >>
> >> Last week I got a few new files in my /var/log directory named
> >> secure.offset
> >> maillog.offset
> >> messages.offset
> >>
> >> I am just curious (and nervous, ;) ) why they showed up there, and what are they for?
> >>
> >> Looks like they contain some checksums.
> >
> >Maybe some dirt left by hackers trying to remove
> >evidence from the logs.
> 
> 
> That's what I am afraid of.....
> I'm also running portscanning detectors, logcheck, remote syslogd etc., but can't find anything unusual in them, except a spoof try. I can't run with hosts.allow, hosts.deny since I have a couple of people (approx. 100+, all of those people are trustful, and the fascist log ;) for them is checked) who are using SSH.
> I have searched usenet and the web for "messages.offset", read the man pages for syslogd and all my protection software, but I can't find it anywhere; that's why I want to know what those files are for.
> 
> If anyone knows what they are for.... Plz tell me that :)
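
The bookkeeping described in the reply at the top of this message, as an added example that is not part of the original post and is not logcheck's own code: a reader that remembers in a `.offset` file how far it has read a log, and reports when the log was rotated or has shrunk. The inode-plus-byte-offset state format, the function names and the sample log lines are assumptions of this sketch.

```python
import os
import tempfile

def read_new(log_path, state_path=None):
    """Return (new_text, status): 'first-run', 'ok', 'rotated' or 'truncated'."""
    state_path = state_path or log_path + ".offset"  # file naming as seen on the page
    st = os.stat(log_path)
    offset, status = 0, "first-run"
    try:
        with open(state_path) as f:
            # Assumed state format: inode and byte offset, one per line.
            saved_inode, saved_offset = (int(x) for x in f.read().split())
        if saved_inode != st.st_ino:
            status = "rotated"      # a different file now has this name: read from the top
        elif st.st_size < saved_offset:
            status = "truncated"    # same file got shorter: re-read it and raise an alert
        else:
            offset, status = saved_offset, "ok"
    except (FileNotFoundError, ValueError):
        pass                        # missing or unparsable state: treat as a first run
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    # Replace the state file atomically so a crash cannot leave it half-written.
    tmp = state_path + ".tmp"
    with open(tmp, "w") as f:
        f.write(f"{st.st_ino}\n{offset + len(data)}\n")
    os.replace(tmp, state_path)
    return data.decode(errors="replace"), status

def demo():
    """Exercise the reader on a constructed log in a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "secure")
        results = []
        with open(log, "w") as f:
            f.write("Jan  1 00:00:01 host sshd[101]: constructed line 1\n")
        results.append(read_new(log))   # first pass creates secure.offset
        with open(log, "a") as f:
            f.write("Jan  1 00:05:00 host sshd[102]: constructed line 2\n")
        results.append(read_new(log))   # second pass returns only the appended line
        with open(log, "w") as f:       # truncate in place: same inode, smaller size
            f.write("short\n")
        results.append(read_new(log))
        return results, os.path.exists(log + ".offset")

if __name__ == "__main__":
    print(demo())
```

A `truncated` result means the log is shorter than it was at the previous pass, which is the condition to alert on when log tampering is a concern.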


