Successful SSH Attack - Need help cleaning up

Corey Edwards tensai at zmonkey.org
Tue Oct 31 14:33:13 MST 2006


On Tue, 2006-10-31 at 14:26 -0700, Daniel wrote:
> Brian,
> 
> /var/log/secure will contain logs for the ssh server.

/var/log/secure will contain whatever your syslog server is told to send
there. For a Redhat system, you are correct. On Debian there is no such
file (instead it's auth.log). Check /etc/syslog.conf to see what your
system configurations are, unless you're using some other syslog daemon
in which case all bets are completely off.

Corey

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://plug.org/pipermail/plug/attachments/20061031/be0241d1/attachment.bin 


More information about the PLUG mailing list