secure log question

Stuart Sears stuart at sjsears.com
Fri Aug 18 15:48:38 UTC 2006



Bret Stern wrote:
> What is this process/session from the log "secure" on Fedora 5?
> 
> Aug 16 04:02:09 servant su: pam_unix(su:session): session opened for user
> beagleindex by (uid=0)

That looks like beagled has been run to index files on your filesystem.
Probably as a cron task. In fact, definitely.
This is run by cron via the /etc/cron.daily/beagle-crawl-system script.

> What log is the best place to look for malicious
> connections?

/var/log/messages
- should tell you when (e.g.) login sessions are opened
and also
/var/log/secure
will give you security information about them.


Relying on local logs to detect malicious connections
is not particularly reliable. If you have a firewall in place, most
incoming traffic will be rejected in any case.

Other services will have logs that they use to detail requests that they
have responded to or rejected.


Regards

Stuart
--
Stuart Sears RHCA RHCX
To err is human, to forgive is Not Company Policy.
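An added example, not part of the original message: a small Python parser for pam_unix session lines in /var/log/secure, like the one quoted in the question, that separates session opens matching a list of expected scheduled jobs from those worth a second look. The EXPECTED set is an assumption, and every sample line except the first is constructed for illustration.

```python
import re

# Matches pam_unix session lines as they appear in /var/log/secure.
SESSION_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^\s:\[]+)(?:\[\d+\])?: "
    r"pam_unix\((?P<service>[^:]+):session\): "
    r"session (?P<action>opened|closed) for user (?P<user>\S+)"
    r"(?: by (?P<by>\S*)\(uid=(?P<uid>\d+)\))?"
)

# Assumption: sessions this host is expected to open on a schedule,
# keyed by (PAM service, target user, opener uid).
EXPECTED = {("su", "beagleindex", 0)}

# Constructed sample lines; only the first comes from the original post.
SAMPLE = """\
Aug 16 04:02:09 servant su: pam_unix(su:session): session opened for user beagleindex by (uid=0)
Aug 16 04:02:41 servant su: pam_unix(su:session): session closed for user beagleindex
Aug 16 09:14:01 servant sshd[2290]: Accepted password for bret from 192.0.2.10 port 40022 ssh2
Aug 16 09:14:02 servant sshd[2314]: pam_unix(sshd:session): session opened for user bret by (uid=0)
Aug 16 09:20:15 servant su: pam_unix(su:session): session opened for user root by bret(uid=500)
"""

def parse_sessions(text):
    """Return one dict per 'session opened' line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = SESSION_RE.match(line)
        if m and m["action"] == "opened":
            e = m.groupdict()
            e["uid"] = int(e["uid"]) if e["uid"] is not None else None
            events.append(e)
    return events

def triage(events, expected=EXPECTED):
    """Split events into (routine, review) using the expected-session set."""
    routine, review = [], []
    for e in events:
        key = (e["service"], e["user"], e["uid"])
        (routine if key in expected else review).append(e)
    return routine, review

if __name__ == "__main__":
    routine, review = triage(parse_sessions(SAMPLE))
    for e in review:
        print(f'{e["ts"]} {e["service"]}: {e["user"]} by {e["by"] or "-"}(uid={e["uid"]})')
```

To run it against a real log, pass the contents of /var/log/secure to `parse_sessions` in place of `SAMPLE`.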



