Mark Bucciarelli said at 08/06/04 17:24:
I'm thinking about using the logcheck [1] program for intrusion detection,
and was wondering if anyone here uses it. If so, have you modified the
keyword filter files?
I'd advise creating a 'local' definition in /etc/logcheck/ig
On Tuesday 08 June 2004 12:31, Steve Kemp wrote:
> On Tue, Jun 08, 2004 at 12:24:26PM -0400, Mark Bucciarelli wrote:
> > I like logcheck because it is simple. But it's not packaged for
> > Debian, so maybe no-one here uses it. If not, what tool do you
> > recomme
On Tue, Jun 08, 2004 at 12:24:26PM -0400, Mark Bucciarelli wrote:
> I like logcheck because it is simple. But it's not packaged for Debian, so
> maybe no-one here uses it. If not, what tool do you recommend for
> intrusion detection?
Logcheck is a good tool, and can be m
I'm thinking about using the logcheck [1] program for intrusion detection,
and was wondering if anyone here uses it. If so, have you modified the
keyword filter files?
I like logcheck because it is simple. But it's not packaged for Debian, so
maybe no-one here uses it. If not, wh
We have one Win2000 box and one WinNT 4 box left with the remainder of our
servers running Debian. Does anyone know if there is any sort of log
analysis routine similar to LogCheck for WinNT and 2000 so I can keep
apprised of problems and attempted hacks on the Windoze boxes?
Hello Nate :
Thank You Very Very Very Very Very Much. ;-)
--
Trust & Unique ...
Axacheng's PGP Public Key http://www.navigation.idv.tw/pgpkey
Hello List :
I got some log reports from logcheck when I installed MRTG on my site.
Jun 24 10:30:01 axanet ucd-snmp[378]: Connection from 61.221.73.226
Jun 24 10:35:02 axanet ucd-snmp[378]: Connection from 61.221.73.226
Jun 24 10:35:02 axanet ucd-snmp[378]: Connection from
On Thu, 21 Sep 2000 [EMAIL PROTECTED] wrote:
> Also, would something be running from cron that does this every morning at
> 6:23 AM?
Apache?
> Anyone know how I can investigate further?
see: /etc/cron.daily/ (to see what's being run)
/etc/crontab (to see when it's being run
On Thu, Sep 21, 2000 at 06:09:48PM -0500, [EMAIL PROTECTED] wrote:
> Hey Russel and Group,
> Thanks for the continuing discussion.
>
> > Nobody suing to root is not non-threatening! Ideally you would have a group
> > wheel or root required for su to root to prevent this. Currently I haven'
On Thu, 21 Sep 2000, [EMAIL PROTECTED] wrote:
> Hey Russel and Group,
> Thanks for the continuing discussion.
>
> > Nobody suing to root is not non-threatening! Ideally you would have a
> > group wheel or root required for su to root to prevent this. Currently I
> > haven't as I haven't got the P
Hey Russel and Group,
Thanks for the continuing discussion.
> Nobody suing to root is not non-threatening! Ideally you would have a group
> wheel or root required for su to root to prevent this. Currently I haven't
> as I haven't got the PAM setup for it going yet.
PAM is acronym for 'pass
On Wed, 20 Sep 2000, Art Sackett wrote:
>On Tue, Sep 19, 2000 at 06:03:48PM -0500, [EMAIL PROTECTED] wrote:
>> Hey Guys,
>> Do any of you know what may have caused this message in my syslogs?
>>
>> Unusual System Events
>> =-=-=-=-=-=-=-=-=-=-=
>> Sep 19 06:25:02 ghost su[322]: + ??? root-nobody
>>
On Tue, Sep 19, 2000 at 06:03:48PM -0500, [EMAIL PROTECTED] wrote:
> Hey Guys,
> Do any of you know what may have caused this message in my syslogs?
>
> Unusual System Events
> =-=-=-=-=-=-=-=-=-=-=
> Sep 19 06:25:02 ghost su[322]: + ??? root-nobody
> Sep 19 06:25:02 ghost PAM_unix[322]: (su) ses
Hey Guys,
Do any of you know what may have caused this message in my syslogs?
Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Sep 19 06:25:02 ghost su[322]: + ??? root-nobody
Sep 19 06:25:02 ghost PAM_unix[322]: (su) session opened for user nobody
by (uid=0)
I am unsure of what the ??? represents a