daily system wide sysadmin reports
Brian McKee
brian.mckee at gmail.com
Wed May 6 13:45:31 UTC 2009
On Wed, May 6, 2009 at 9:12 AM, Noah <admin2 at enabled.com> wrote:
> Is there a decent piece of software out there that performs daily and
> system wide sysadmin reports of failed password attempts, irregular file
> permissions, and other helpful security data?
logwatch in summary mode is helpful, and you can tune each module as
you like - e.g. PAM related stuff more detail...
I tacked a typical logwatch report on to the end of this email in case
you aren't familiar with it.
daily rkhunter runs can also help spot oddities (and again be handled
by logwatch)
Or were you thinking more like Mandrake's msec?
Brian
################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Tue May 5 07:35:09 2009
Date Range Processed: yesterday
( 2009-May-04 )
Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: mycomputer
##################################################################
--------------------- iptables firewall Begin ------------------------
Listed by source hosts:
Logged 178 packets on interface eth0
From 192.168.0.402 - 28 packets to udp(2222)
From 192.168.0.403 - 38 packets to udp(2222)
From 192.168.0.405 - 34 packets to udp(2222)
From 192.168.0.406 - 30 packets to udp(2222)
From 192.168.0.407 - 26 packets to udp(2222)
From 192.168.0.415 - 22 packets to udp(2222)
---------------------- iptables firewall End -------------------------
--------------------- pam_unix Begin ------------------------
su:
Sessions Opened:
root -> nobody: 1 Time(s)
sudo:
Sessions Opened:
root -> root: 4 Time(s)
root -> administrator: 3 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Postfix Begin ------------------------
19.109K Bytes accepted 19,568
19.109K Bytes delivered 19,568
======== ================================================
4 Accepted 100.00%
-------- ------------------------------------------------
4 Total 100.00%
======== ================================================
4 Removed from queue
2 Sent via SMTP
2 Forwarded
---------------------- Postfix End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries**
Rootkit Hunter: Rootkit hunter check started (version 1.3.0): 1 Time(s)
Rootkit Hunter: Scanning took 3 minutes and 17 seconds: 1 Time(s)
---------------------- Connections (secure-log) End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
nagios:
some.ip.address.here : 60 times
root:
some.ip.address.here : 2 times
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
==============================================================================
nagios => root
--------------
/usr/sbin/smartctl - 4 Times.
==============================================================================
root => administrator
---------------------
/usr/bin/gconftool - 3 Times.
**Unmatched Entries**
pam_unix(sudo:session): session opened for user root by (uid=0): 4 Time(s)
pam_unix(sudo:session): session closed for user root: 4 Time(s)
pam_unix(sudo:session): session closed for user administrator: 3 Time(s)
pam_unix(sudo:session): session opened for user administrator by (uid=0): 3 Time(s)
---------------------- Sudo (secure-log) End -------------------------
###################### Logwatch End #########################
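The report above is plain text, so a small script can read the SSHD and Sudo sections logwatch emits and apply local policy on top of the summary (here: any root login over ssh, and sudo to root by anyone outside an allow list). This is an added example, not part of the thread or of logwatch; the REPORT string is a constructed copy of the sections pasted above, and the section and entry regexes are written against the 7.3.x "unformatted" layout shown there.

```python
import re

# Constructed copy of the SSHD and Sudo sections of the report pasted above.
REPORT = """\
--------------------- SSHD Begin ------------------------
Users logging in through sshd:
nagios:
some.ip.address.here : 60 times
root:
some.ip.address.here : 2 times
---------------------- SSHD End -------------------------
--------------------- Sudo (secure-log) Begin ------------------------
nagios => root
--------------
/usr/sbin/smartctl - 4 Times.
root => administrator
---------------------
/usr/bin/gconftool - 3 Times.
---------------------- Sudo (secure-log) End -------------------------
"""
# A logwatch section runs from "--- NAME Begin ---" to the matching "--- NAME End ---".
SECTION = re.compile(r"^-+ (.+?) Begin -+$(.*?)^-+ \1 End -+$", re.M | re.S)
def sections(report):
    return {m.group(1): m.group(2) for m in SECTION.finditer(report)}

def parse_block(text, head_re, entry_re):
    """Group matching entry lines under the most recent matching head line."""
    out, key = {}, None
    for line in text.splitlines():
        if m := re.match(head_re, line):
            key = m.group(1) if m.lastindex == 1 else m.groups()
            out[key] = {}
        elif key is not None and (m := re.match(entry_re, line)):
            out[key][m.group(1)] = int(m.group(2))
    return out

def ssh_logins(text):  # {user: {source: count}}
    return parse_block(text, r"^(\S+):$", r"^(\S+) : (\d+) times$")
def sudo_commands(text):  # {(who, as_user): {command: count}}
    return parse_block(text, r"^(\S+) => (\S+)$", r"^(\S+) - (\d+) Times\.$")
def findings(report, sudo_root_ok=("root",)):
    """Policy checks layered on the summary: root over ssh, unexpected sudo to root."""
    sec, notes = sections(report), []
    for user, srcs in ssh_logins(sec.get("SSHD", "")).items():
        if user == "root":
            notes.append(f"root logged in via sshd {sum(srcs.values())} time(s)")
    for (who, as_user), cmds in sudo_commands(sec.get("Sudo (secure-log)", "")).items():
        if as_user == "root" and who not in sudo_root_ok:
            notes.append(f"{who} ran as root via sudo: {', '.join(sorted(cmds))}")
    return notes
```

Run against the pasted report it flags the two root ssh logins and the nagios => root smartctl calls; adding nagios to sudo_root_ok keeps only the first.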