
Re: [cobalt-users] logs



> I have read in several posts about checking log files. I see no way to read
> them from the admin screen, which I find unusual since, like someone said,
> if a non-Linux person (like myself) is supposed to be able to run one of
> these things, how would we know where to look on the box for them?
> I want to make sure we are not hacked, as I have seen several posts here
> lately.
> Where do I look for possible hack attempts and what do I look for in those
> logs?
> Is there a way to add some type of GUI to read the logs like my mailserver
> has?

There's currently no way to read them from the GUI. I don't really think
you'd want to, as the logs get really big really quickly, and loading them
up would take *forever* through the web - and then you'd have to scroll
through all kinds of stuff that doesn't apply to what you're looking for.
You can read them through telnet or through FTP.

Two nice programs, both free: PortSentry and Logchecker. Available at
Psionic software, www.psionic.com.
PortSentry will block your open ports and really help you out in terms of
security - although it is only the beginning of what you should do to secure
the machine.
Logchecker will check your logs for you, and email you with anything it
finds to be out-of-the-ordinary. Saves you a lot of time going through your
logs by hand.

You might want to subscribe to the Cobalt security mailing list, too - I
believe it's available from the Cobalt/Support/Resources/Mailing Lists page.
If not, there was just a post on it yesterday or so; do a search in the
archives for 'security mailing list'.  (Sorry I don't have the URL handy.)

Whatever you do, at this point - please do NOT post your IP address, or the
domain name of your server. If you're subscribed to this list under an email
address that is from a domain on your server, CHANGE IT NOW. Go get a
Hotmail address or something and subscribe with that.
And if the machine is hooked up to the internet right now, UNHOOK IT.
Because you just advertised to the world that you're sitting in the middle
of a shooting range with nothing on but your skivvies for protection. The
hackers are most likely reading this list looking for people just like you.

I don't mean to sound cold, truly. I know what it's like to be a newbie (I
still am one) and not even think about the "bad people" that could be
reading the list.
One of the biggest mistakes I ever made was assuming that no one would even
bother to try to hack into my box - after all, why should they? I'm nobody.
They're after big targets, big companies, right?  Ha. Once Zeffie got some
well-needed stuff installed on my machine for me I saw just how wrong I was.
The number of attack attempts climbs daily. These people don't care who you
are or what you've got on your machine, they're doing it just for the point
of doing it, so they can take over control of your machine and do whatever
they want with it. It's a much easier solution than going after a machine of
NASA's, right?  Just grab some little nobody's machine and spam the world...

As for getting your machine secured up as fast as possible, if you really
don't know anything about Linux and are afraid you might break something,
there are plenty of very skilled people on the list who'll take a modest fee
to get you all updated.  It will cost you *much* less money than trying to
recover from being hacked.

With that in mind, don't regret buying a Cobalt. This is the same deal with
any server you put online, not just Cobalt machines. You've gotta keep it
updated and as secure as possible.
Again, welcome to the family...

CarrieB
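
The kind of filtering the reply describes for Logchecker (report only what is out of the ordinary instead of reading the whole log by hand), sketched as an added example that is not part of the original post and is not Logchecker's own code or rules. The log lines, rule lists and function names are constructed assumptions.

```python
import re

# Constructed sample syslog lines (documentation IP ranges, not a real machine).
SAMPLE_LOG = """\
Mar  3 04:02:01 www crond[812]: (root) CMD (run-parts /etc/cron.daily)
Mar  3 04:10:44 www sshd[901]: Accepted password for admin from 192.0.2.10 port 4021
Mar  3 04:11:09 www sshd[915]: Failed password for root from 203.0.113.7 port 3310
Mar  3 04:11:12 www sshd[915]: Failed password for root from 203.0.113.7 port 3312
Mar  3 04:15:30 www ftpd[960]: refused connect from 198.51.100.23
Mar  3 04:20:00 www kernel: eth0: link up
Mar  3 04:31:17 www in.telnetd[977]: connect from 203.0.113.7
"""

# Assumed rule sets; a real deployment tunes these to its own services.
IGNORE = [  # known-routine lines that never need a human
    r"crond\[\d+\]: \(root\) CMD",
    r"sshd\[\d+\]: Accepted password for admin from 192\.0\.2\.10 ",
]
VIOLATION = [r"failed password", r"refused connect", r"authentication failure"]

def triage(log_text, ignore=IGNORE, violation=VIOLATION):
    """Sort lines into 'violations' and 'unusual'; drop known-routine lines."""
    ignore_re = [re.compile(p) for p in ignore]
    violation_re = [re.compile(p, re.IGNORECASE) for p in violation]
    report = {"violations": [], "unusual": []}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        # Violations are tested first so an ignore rule can never hide one.
        if any(r.search(line) for r in violation_re):
            report["violations"].append(line)
        elif not any(r.search(line) for r in ignore_re):
            # Anything not explicitly known as routine is surfaced for review.
            report["unusual"].append(line)
    return report

def format_report(report):
    """Build the plain-text body that would be mailed to the admin."""
    parts = []
    for section in ("violations", "unusual"):
        if report[section]:
            parts.append(f"== {section} ({len(report[section])}) ==")
            parts.extend(report[section])
    return "\n".join(parts)

if __name__ == "__main__":
    print(format_report(triage(SAMPLE_LOG)))
```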