Detection of unauthorized entry

ContentWriter
Posts: 1
Joined: 2006/07/09 17:26:38

Post by ContentWriter » 2006/07/09 17:37:59

When you SSH into a CentOS system as root, you get a message like:

Last login: Sun Jul 9 05:54:46 2006 from ppp-98.176.254.32.vip.yourcompany.com

Is it feasible with CentOS 4 for an intruder to log in and cover his tracks by deleting his login, so that the "Last login:" does not show for him but instead shows for the person before the intruder?

Is this information simply in a text log file, or is this "Last login" information encrypted for security reasons?

It seems like encrypting the last one to log in and then redisplaying it would be an easy way to detect intrusion and make intrusion more difficult (raising the bar to get rid of most of the intruders, but of course not all of them).

Expert knowledge would be appreciated.

foxb
Posts: 1927
Joined: 2006/04/20 19:03:33
Location: Montreal/QC

Post by foxb » 2006/07/10 14:51:27

Yes, it is possible to "tamper" login.

That's why you do not allow root to log in via SSH --> change your configuration file /etc/ssh/sshd_config

--->>>PermitRootLogin no
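
Added example (not part of the thread): a read-only check of which PermitRootLogin value actually takes effect in an sshd_config, since a commented-out line or a second, later line does not change what sshd uses. The function names, the sample configuration and the assumed default of "yes" when the keyword is absent are assumptions of this example; it also goes slightly beyond the post by listing values set inside Match blocks, which newer OpenSSH releases support.

```python
# Added example, not from the thread: read-only audit of sshd_config text.
# Assumption: with no PermitRootLogin line the compiled-in default applies
# ("yes" in older OpenSSH releases, "prohibit-password" from 7.0 on).
LEGACY_DEFAULT = "yes"

def parse_directives(config_text):
    """Yield (line_no, keyword, first_argument, inside_match_block)."""
    in_match = False
    for line_no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive has no effect
        # Keyword and argument are separated by whitespace or a single '='.
        parts = line.replace("=", " ", 1).split()
        keyword = parts[0].lower()  # keywords are case-insensitive
        arg = parts[1].strip('"') if len(parts) > 1 else ""
        if keyword == "match":
            in_match = True  # everything below this line is conditional
            continue
        yield line_no, keyword, arg, in_match

def effective_permit_root_login(config_text, default=LEGACY_DEFAULT):
    """Return (value, line_no, match_overrides) for PermitRootLogin.

    sshd keeps the first value it obtains for a keyword, so later global
    duplicates are ignored. line_no is None when the default applies.
    """
    value, where, overrides = default, None, []
    for line_no, keyword, arg, in_match in parse_directives(config_text):
        if keyword != "permitrootlogin":
            continue
        if in_match:
            overrides.append((line_no, arg))  # applies only to matching logins
        elif where is None:
            value, where = arg, line_no
    return value, where, overrides

# Constructed sample: the commented "no" and the later "no" are both ineffective.
SAMPLE = """\
Port 22
#PermitRootLogin no
PermitRootLogin yes
permitrootlogin no
Match Address 10.0.0.0/8
    PermitRootLogin without-password
"""

if __name__ == "__main__":
    print(effective_permit_root_login(SAMPLE))
```

sshd only picks up a changed configuration file after it has been reloaded or restarted.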
