Gentoo Archives: gentoo-amd64

From: Brett Johnson <brett@××××.com>
To: gentoo-amd64@l.g.o
Subject: Re: [gentoo-amd64] /var/log
Date: Wed, 21 Dec 2005 13:32:42
Message-Id: 20051221133042.GD22736@blzj.com
In Reply to: Re: [gentoo-amd64] /var/log by Gavin Seddon
> > On 21 Dec 2005, at 12:32, Gavin Seddon wrote:
> > > I have been looking in '/var/log' for users logging on. The files and
> > > directories in there are fastidiously organised (to say the least).
> > > Better than usual UNIX distros. What is the best place to look for
> > > logins/hacks.

You should take a look at
http://www.gentoo.org/doc/en/security/security-handbook.xml. It has some
great information on securing your install, from physical security to
logging all activity and everything in between. I would recommend setting
up logsentry (see section 3. Logging) which is a tool that parses the log
files and then emails you with unusual events. It takes a little tweaking
to get it working well with metalog, but is very useful once it's set up.

I see your next thread is on firewalls, and that is addressed in the
security handbook too.

Brett
--
gentoo-amd64@g.o mailing list