Where and how can I get the list of the failed login and sudoers in CentOS v8?

Support for security such as Firewalls and securing linux
Post Reply
User avatar
EnterpriseAdmin
Posts: 12
Joined: 2020/08/25 11:11:47

Where and how can I get the list of the failed login and sudoers in CentOS v8?

Post by EnterpriseAdmin » 2020/08/28 04:07:34

People,

For CentOS v8 Linux, where and how can I get the event logs for the:
1. Failed SSH (port TCP/22) connection
2. Failed sudoers

Thank you in advance.
Kind Regards,

Enterprise System Administrator

Image

User avatar
jlehtone
Posts: 3101
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Where and how can I get the list of the failed login and sudoers in CentOS v8?

Post by jlehtone » 2020/08/28 06:33:02

Probably /var/log/secure


User avatar
EnterpriseAdmin
Posts: 12
Joined: 2020/08/25 11:11:47

Re: Where and how can I get the list of the failed login and sudoers in CentOS v8?

Post by EnterpriseAdmin » 2020/08/31 00:06:02

jlehtone wrote:
2020/08/28 06:33:02
Probably /var/log/secure
# cat /var/log/secure
cat: /var/log/secure: No such file or directory

No such logs?
Kind Regards,

Enterprise System Administrator

Image

User avatar
EnterpriseAdmin
Posts: 12
Joined: 2020/08/25 11:11:47

Re: Where and how can I get the list of the failed login and sudoers in CentOS v8?

Post by EnterpriseAdmin » 2020/08/31 00:07:01

tunk wrote:
2020/08/28 09:54:18
1. lastb
Yes, this is showing me some stuff, how does the time here showing as UTC or local time zone?
Kind Regards,

Enterprise System Administrator

Image

User avatar
jlehtone
Posts: 3101
Joined: 2007/12/11 08:17:33
Location: Finland

Re: Where and how can I get the list of the failed login and sudoers in CentOS v8?

Post by jlehtone » 2020/08/31 06:57:46

EnterpriseAdmin wrote:
2020/08/31 00:06:02
cat: /var/log/secure: No such file or directory

No such logs?
Those files are written by 'rsyslog'.

When did you install? Looking now, rsyslog is a mandatory package in you group 'Core', so should install even with "Minimal", but earlier (before 8.2?) it apparently wasn't (for I have couple 8 without).

Post Reply

Return to “CentOS 8 - Security Support”