Gentoo Archives: gentoo-amd64

From: Brett Johnson <brett@××××.com>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] /var/log
Date: Wed, 21 Dec 2005 13:32:42
Message-Id: 20051221133042.GD22736@blzj.com
In Reply to: Re: [gentoo-amd64] /var/log by Gavin Seddon
> > On 21 Dec 2005, at 12:32, Gavin Seddon wrote:
> > > I have been looking in '/var/log' for users logging on. The files and
> > > directories in there are fastidiously organised (to say the least).
> > > Better than usual UNIX distros. What is the best place to look for
> > > logins/hacks.

You should take a look at http://www.gentoo.org/doc/en/security/security-handbook.xml. It has some great information on securing your install, from physical security to logging all activity and everything in between.

I would recommend setting up logsentry (see section 3. Logging), which is a tool that parses the log files and then emails you with unusual events. It takes a little tweaking to get it working well with metalog, but is very useful once it's set up.

I see your next thread is on firewalls, and that is addressed in the security handbook too.

Brett
--
gentoo-amd64@g.o mailing list