> > On 21 Dec 2005, at 12:32, Gavin Seddon wrote:
> > > I have been looking in '/var/log' for users logging on. The files and
> > > directories in there are fastidiously organised (to say the least).
> > > Better than usual UNIX distros. What is the best place to look for
> > > logins/hacks.
You should take a look at
http://www.gentoo.org/doc/en/security/security-handbook.xml. It has some
great information on securing your install, from pyhsical security to
logging all activity and everything inbetween. I would recommend setting
up logsentry (see section 3. Logging) which is a tool that parses the log
files and then emails you with unusual events. It takes a little tweaking
to get it working good with metalog, but is very useful once it's setup.
I see you next thread is on firewalls, and that is addressed in the
security handbook too.
email@example.com mailing list