Successful SSH Attack - Need help cleaning up

Gary Thornock gthornock at
Thu Nov 2 20:44:17 MST 2006

--- Daniel <teletautala at> wrote:
> Brian,
> /var/log/secure will contain logs for the ssh server.

That depends on the distribution.  Red Hat and its derivatives
use /var/log/secure.  FreeBSD uses /var/log/auth.log, and I think
Debian does, too.  SuSE uses /var/log/messages.  I have no idea
what Kubuntu does, and Gentoo offers at least three different
syslog systems, so your mileage is unconditionally guaranteed
to vary.
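
The log locations listed in the message above, as an added example that is not part of the original post: a shell sketch that probes those paths and summarizes accepted sshd logins from whichever files exist. The function names, the optional root-prefix argument (for pointing at a mounted disk image) and the sample log lines are assumptions constructed for illustration; the match relies on the usual OpenSSH syslog line "Accepted <method> for <user> from <ip>".

```shell
#!/bin/sh
# Added example: locate the sshd log across distributions and list accepted logins.

# Candidate paths named in the message (Red Hat, FreeBSD/Debian, SuSE).
SSH_LOG_CANDIDATES="/var/log/secure /var/log/auth.log /var/log/messages"

# Print each candidate log that exists and is readable under an optional root prefix.
find_ssh_logs() {
    root="${1:-}"
    for p in $SSH_LOG_CANDIDATES; do
        if [ -r "$root$p" ]; then printf '%s\n' "$root$p"; fi
    done
    return 0
}

# Print "count user source-ip" for every accepted sshd login found under the root.
accepted_logins() {
    root="${1:-}"
    find_ssh_logs "$root" | while IFS= read -r f; do
        # Only sshd lines count; other daemons also write to these files.
        awk '/sshd\[[0-9]+\]: Accepted / {
                 for (i = 1; i <= NF; i++)
                     if ($i == "for") { print $(i+1), $(i+3); break }
             }' "$f"
    done | sort | uniq -c | awk '{ print $1, $2, $3 }'
}

# Build a constructed sample tree (Red Hat style path) so the functions can be tried offline.
# The host, user and addresses below are made up (documentation address ranges).
make_sample_root() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/var/log"
    cat > "$d/var/log/secure" <<'EOF'
Nov  2 03:11:02 host sshd[4321]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov  2 03:11:09 host sshd[4323]: Accepted password for alice from 192.0.2.10 port 40120 ssh2
Nov  2 09:30:41 host sshd[5120]: Accepted publickey for alice from 198.51.100.7 port 51515 ssh2
Nov  2 09:45:00 host sshd[5188]: Accepted password for alice from 192.0.2.10 port 40388 ssh2
Nov  2 09:46:12 host su[5201]: Accepted nothing for nobody from nowhere
EOF
    printf '%s\n' "$d"
}
```

Run `accepted_logins` with no argument on a live host, or pass the mount point of a disk image to read its logs instead.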
