Fri 26 Jan 2007
Monitoring Security

There are several ways of monitoring the security of your Red Hat system, allowing you to spot security breaches and other potential problems.

System Logs: /var/log

The Red Hat Linux system maintains several log files that record system activity. Most of the interesting ones reside in /var/log. Here's a table describing the most important log files:

File in /var/log   Contents                                                                         View with
btmp               Record of all bad login attempts. Updated by the login program if the file       lastb command
                   exists.
cron               Messages sent to syslogd from the cron daemon (which schedules jobs on Unix      Normal text viewing tools
                   systems).
dmesg              Kernel messages (from boot).                                                     Normal text viewing tools
lastlog            Last login times for all users.                                                  lastlog command
messages           Messages sent to syslogd with level info or higher, except those from mail,      Normal text viewing tools
                   cron or authentication-related messages.
secure             Messages sent to syslogd from authpriv (i.e. authentication and security         Normal text viewing tools
                   messages that should only be visible to privileged users).
wtmp               Record of all logins and logouts.                                                last command

Important: Several of these files are maintained by the kernel logging daemon syslogd. The behavior of this daemon is controlled by the configuration file /etc/syslog.conf, and we can customize it if we don't like the defaults (which are pretty good). For more information on configuring syslog, check its man page.

Important: The files /var/log/btmp and /var/log/wtmp are updated only if they exist (i.e. the programs that update these files won't create them for you). The default Red Hat Linux 9 installation has /var/log/wtmp, so all logins and logouts are logged, but not /var/log/btmp.

A diligent system administrator will regularly review the contents of these log files, either using tools such as gedit, if the file is a plain text file, or the appropriate command such as last or lastlog if the file contains formatted data.
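The following script is an added example (not from the book) that automates the two caveats above: it checks that btmp and wtmp actually exist, so that bad logins and login history are really being recorded, and that the login records and the authpriv log are not readable by ordinary users. It assumes GNU stat (as on Red Hat Linux) and takes the log directory as an optional argument, so the checks can also be run against a test directory.

```shell
#!/bin/sh
# Audit the login-record files described in the table above.
# Assumes GNU stat (as on Red Hat Linux). The directory defaults to /var/log,
# but a different one can be passed so the checks can be tried on test data.

# Print the login-record files that do not exist. Because the programs that
# update these files never create them, a missing btmp means bad login attempts
# are silently dropped, and a missing wtmp means there is no login history.
missing_login_logs() {
    dir=${1:-/var/log}
    for f in btmp wtmp; do
        [ -e "$dir/$f" ] || echo "$f"
    done
}

# Print sensitive log files whose group/other permission bits are not zero.
# btmp and wtmp reveal account names and source hosts; secure carries the
# authpriv messages that should be visible to privileged users only.
world_readable_logs() {
    dir=${1:-/var/log}
    for f in btmp wtmp secure; do
        [ -e "$dir/$f" ] || continue
        mode=$(stat -c '%a' "$dir/$f")   # octal mode, e.g. 600 or 644
        case "$mode" in
            *00) ;;                      # owner-only access: fine
            *)   echo "$f ($mode)" ;;    # group or others have some access
        esac
    done
}

# Human-readable report. Returns 0 when nothing needs attention, 1 otherwise.
audit_login_logs() {
    dir=${1:-/var/log}
    missing=$(missing_login_logs "$dir")
    readable=$(world_readable_logs "$dir")
    for f in $missing; do
        echo "MISSING  $dir/$f: events are not being recorded" \
             "(fix: touch $dir/$f && chmod 600 $dir/$f)"
    done
    if [ -n "$readable" ]; then
        echo "$readable" | while read -r line; do
            echo "EXPOSED  $dir/$line: readable by non-root users (fix: chmod 600)"
        done
    fi
    [ -z "$missing" ] && [ -z "$readable" ]
}

if audit_login_logs "$@"; then
    echo "OK: login records present and protected"
fi
```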
However, regularly trawling through log files for the occasional message of significance is very tedious. Fortunately, there's an automated tool called logwatch that takes away much of the tedium. Even better for us, Red Hat includes a sensible default setup, so it's up and running out of the box.

logwatch

Logwatch is a tool for searching through log files for interesting messages and summarizing them elsewhere. We will look at the default configuration provided with Red Hat Linux 9. The configuration files for logwatch are in /etc/log.d. The main configuration file is called logwatch.conf, and