From: Martin McNelis (martin.mcnelis at domain tecnomen.ie)
Date: Mon 13 Aug 2001 - 15:14:14 IST
Just passing on a question for a friend. Anyone able to help?
> The question is as follows :
> I have an RH 6.1 system. It is being used as the gateway to the internet
> for a small home network (3 Windows PC's and 2 Linux machines).
> Nothing important is stored/runs on the gateway, however, I do not want to
> have to rebuild it.
> I want to allow ftp/telnet/ssh/web access to the internet. However, I do
> want to log all accesses to the system.
> At the moment I review the following log files regularly:
> 1) /var/log/http/access_log
> 2) /var/log/http/error_log
> 3) /var/log/messages
> 4) /var/log/secure
> Is this enough ?
> Is there some utility that will detect port-scanning and/or send an email
> when it is happening?
> Using the above files I have noticed regular attempt to access the system
> on ftp/telnet/http ports..
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:35 GMT