Successful SSH Attack - Need help cleaning up

Matthew Walker rorith at
Tue Oct 31 11:09:09 MST 2006

On Tue, October 31, 2006 11:03 am, Brian Hawkins wrote:
> Good thread by the way.  It made me aware of the ongoing attacks against
> my own ssh server.
> It was mentioned several times about /var/log/secure.  It seemed
> significant that ssh was not logging to secure but to messages.  On my
> machine (Suse 9) I do not have a /var/log/secure file.  Please enlighten
> me as to this files significants and how it pertains to being hacked?
> Thanks
> Brian

That's not necessarily a bad sign. Some systems don't have the logs split
out like that by default.

Matthew Walker
Kydance Hosting & Consulting
LAMP Specialist

More information about the PLUG mailing list