[ILUG] Q for ILUG - How to detect an unauthorised access

From: Martin McNelis (martin.mcnelis at domain tecnomen.ie)
Date: Mon 13 Aug 2001 - 15:14:14 IST

• Next message: Conor Daly: "Re: [ILUG] Document processing..."
• Previous message: Oisin Kim: "Re: [ILUG] Creating a multihomed host."
• Next in thread: Wynne, Conor: "RE: [ILUG] Q for ILUG - How to detect an unauthorised access"
• Maybe reply: Wynne, Conor: "RE: [ILUG] Q for ILUG - How to detect an unauthorised access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Just passing on a question for a friend. Anyone able to help?

> The question is as follows :
>
> I have an RH 6.1 system. It is being used as the gateway to the internet
> for a small home network (3 Windows PC's and 2 Linux machines).
>
> Nothing important is stored/runs on the gateway, however, I do not want to
> have to rebuild it.
> I want to allow ftp/telnet/ssh/web access to the internet. However, I do
> want to log all accesses to the system.
>
> At the moment I review the following log files regularly:
>
> 1) /var/log/http/access_log
> 2) /var/log/http/error_log
> 3) /var/log/messages
> 4) /var/log/secure
>
> Is this enough ?
> Is there some utility that will detect port-scanning and/or send an email
> when it is happening?
>
>
> Using the above files I have noticed regular attempt to access the system
> on ftp/telnet/http ports..
>
>

• Next message: Conor Daly: "Re: [ILUG] Document processing..."
• Previous message: Oisin Kim: "Re: [ILUG] Creating a multihomed host."
• Next in thread: Wynne, Conor: "RE: [ILUG] Q for ILUG - How to detect an unauthorised access"
• Maybe reply: Wynne, Conor: "RE: [ILUG] Q for ILUG - How to detect an unauthorised access"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:35 GMT