Successful SSH Attack - Need help cleaning up

[Gary Thornock]

--- Daniel <teletautala at gmail.com> wrote:
> Brian,
> 
> /var/log/secure will contain logs for the ssh server.

That depends on the distribution.  Red Hat and its derivatives
use /var/log/secure.  FreeBSD uses /var/log/auth.log, and I think
Debian does, too.  SuSE uses /var/log/messages.  I have no idea
what Kubuntu does, and Gentoo offers at least three different
syslog systems, so your mileage is unconditionally guaranteed
to vary.