Successful SSH Attack - Need help cleaning up

Gary Thornock gthornock at yahoo.com
Thu Nov 2 20:44:17 MST 2006


--- Daniel <teletautala at gmail.com> wrote:
> Brian,
> 
> /var/log/secure will contain logs for the ssh server.

That depends on the distribution.  Red Hat and its derivatives
use /var/log/secure.  FreeBSD uses /var/log/auth.log, and I think
Debian does, too.  SuSE uses /var/log/messages.  I have no idea
what Kubuntu does, and Gentoo offers at least three different
syslog systems, so your mileage is unconditionally guaranteed
to vary.




More information about the PLUG mailing list