Successful SSH Attack - Need help cleaning up

Matthew Walker rorith at kydance.net
Tue Oct 31 11:09:09 MST 2006


On Tue, October 31, 2006 11:03 am, Brian Hawkins wrote:
> Good thread by the way.  It made me aware of the ongoing attacks against
> my own ssh server.
>
> It was mentioned several times about /var/log/secure.  It seemed
> significant that ssh was not logging to secure but to messages.  On my
> machine (Suse 9) I do not have a /var/log/secure file.  Please enlighten
> me as to this files significants and how it pertains to being hacked?
>
> Thanks
> Brian
>

That's not necessarily a bad sign. Some systems don't have the logs split
out like that by default.

-- 
Matthew Walker
Kydance Hosting & Consulting
LAMP Specialist



More information about the PLUG mailing list