
Securing Linux: Part 2

service on your machine by making use of TCP Wrappers. The changes will be evident once you have restarted the inetd service on your machine.

Fine-tuning your system logs

There are two main logging daemons running on your Linux machine -- "klogd" and "syslogd". "klogd" is the kernel logging daemon and "syslogd" is the logging daemon for system-related services. The configuration file for syslogd is /etc/syslog.conf. Let's fine-tune this file to get syslogd to write more precise information into the logs. This additional information is always useful in the event of a break-in, or when some other service malfunctions.

Our /etc/syslog.conf looks as follows:

# Start of the /etc/syslog.conf file

# Monitor authentication attempts
auth.*;authpriv.*       /var/log/authlog
#----------
# --> This is to dump all the authentication-attempt related output to the
# file /var/log/authlog.
#----------

# Monitor all kernel messages
kern.*                  /var/log/kernlog
#--------------
# --> This is to dump all the kernel related messages to the
# file /var/log/kernlog.
#--------------

# Monitor all warning and error messages
*.warn;*.err            /var/log/syslog
#-------------
# --> All the error and warning messages are appended to the file
# /var/log/syslog.
#-------------

# End of /etc/syslog.conf

Most distributions ship with only one or two log files into which all authentication messages, error messages and kernel log messages are written together. We would rather tidy this up and have each kind of information stored in its own file. The advantage of keeping the different logged information in separate files is that, at retrieval time, it is easier to sort through the data because everything relating to one particular activity is present in one file only. Having made the changes to the syslog.conf file, make sure you create an empty file of 0 bytes (touch filename) for each file that is to be logged to. Every file mentioned in /etc/syslog.conf should be created at the location and with the filename given there.
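The following script is an added example and is not part of the original article. It does the bookkeeping the paragraph above asks for: it reads a syslog.conf-style file, lists every action that is a plain log-file path (skipping comments, remote "@host" targets, user names, "*" and /dev entries), pre-creates each missing file as an empty, owner-only readable file, and shows how syslogd is told to re-read its configuration. The function names, the temporary directory and the sample configuration are constructed for the example; it never touches /etc.

```sh
#!/bin/sh
# Added example (not from the article): pre-create the log files named in a
# syslog.conf-style file and reload syslogd.  All names below are the example's own.

# Print each unique action field that is a regular file path.  Comments are
# stripped first; a leading '-' (asynchronous write marker on some syslogd
# versions) is removed; '@host', user lists, '*' and /dev/* actions are skipped.
syslog_targets() {
    conf="$1"
    sed 's/#.*//' "$conf" \
    | awk 'NF >= 2 { sub(/^-/, "", $NF) }
           NF >= 2 && $NF ~ /^\// && $NF !~ /^\/dev\// { print $NF }' \
    | sort -u
}

# Create every listed log file that does not exist yet.  umask 077 gives the
# new file mode 0600, so authentication logs are not world-readable.
create_log_files() {
    conf="$1"
    syslog_targets "$conf" | while read -r f; do
        if [ ! -e "$f" ]; then
            (umask 077; : > "$f")
            echo "created $f"
        fi
    done
}

# Demo on a constructed copy of the article's configuration, written under a
# temporary directory so that running the example is harmless.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/log"
    cat > "$tmp/syslog.conf" <<EOF
# constructed sample mirroring the article's /etc/syslog.conf
auth.*;authpriv.*       $tmp/log/authlog
kern.*                  $tmp/log/kernlog
*.warn;*.err            $tmp/log/syslog
*.emerg                 *
*.info                  @loghost
EOF
    create_log_files "$tmp/syslog.conf"
    ls -l "$tmp/log"
    # On a real system syslogd re-reads /etc/syslog.conf on SIGHUP:
    #   kill -HUP "$(cat /var/run/syslogd.pid)"
    echo "$tmp"
}
```

Run demo to see the three files appear with mode 0600 while the "*" and "@loghost" actions are correctly ignored. Two caveats when applying this to a real /etc/syslog.conf: older syslogd releases required a tab, not spaces, between the selector and the action field, and syslogd only picks up the new configuration after it is sent SIGHUP (or restarted), much as inetd had to be restarted for the TCP Wrappers change earlier in the article.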

Merely having logs in place to record all the activity is not enough: a good system administrator also has to think of the devious minds at work trying to erase all signs of suspicious activity on your machine. This