Commands and files for security.

Support for security such as Firewalls and securing linux
hack3rcon
Posts: 694
Joined: 2014/11/24 11:04:37

Commands and files for security.

Post by hack3rcon » 2020/10/08 19:27:20

Hello,
Which parts of the system and which log files must be monitored by an administrator?

secure
lastlog
fail2ban.log
audit.log
messages
access.log
Are they enough?
Which commands are useful?
Why is the "lastlog" file content something like:

�a^?_pts/3^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@$
?

Thank you.

BShT
Posts: 327
Joined: 2019/10/09 12:31:40

Re: Commands and files for security.

Post by BShT » 2020/10/09 13:49:45

I receive an email for every fail2ban hit and every SSH login.

I have a Nagios alert for every user change on all servers and for every password change on some sensible servers.

On some servers I have maldet, and on others with really sensitive data we control file changes, like size changes, new files, deleted files.

Apache logs we manage with awstat and Google Analytics.

hack3rcon
Posts: 694
Joined: 2014/11/24 11:04:37

Re: Commands and files for security.

Post by hack3rcon » 2020/10/10 13:55:44

BShT wrote:
2020/10/09 13:49:45
I receive an email for every fail2ban hit and every SSH login.

I have a Nagios alert for every user change on all servers and for every password change on some sensible servers.

On some servers I have maldet, and on others with really sensitive data we control file changes, like size changes, new files, deleted files.

Apache logs we manage with awstat and Google Analytics.
How do you monitor size changes, etc.?

BShT
Posts: 327
Joined: 2019/10/09 12:31:40

Re: Commands and files for security.

Post by BShT » 2020/10/20 19:53:42

I don't want to run maldet on a highly requested server farm,

so I rsync some directories and scan them at 2 am,

and mail myself the rsync and maldet output.

So I have a passive malware scan and a daily diff, just like that:

"2020/10/19 02:00:01 [25568] receiving file list
2020/10/19 02:03:40 [25570] >f.sT...... servicos/data/log/log-18-10-20
2020/10/19 02:03:40 [25570] >f+++++++++ servicos/data/log/log-19-10-20
2020/10/19 02:03:42 [25570] sent 70,233 bytes received 8,904,675 bytes 40,518.77 bytes/sec
2020/10/19 02:03:42 [25570] total size is 8,142,563,676 speedup is 907.26"

"scan completed on /data/maldet/: files 292502, malware hits 0, cleaned hits 0, time 14308s"
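One way to turn that nightly rsync log into the daily diff of new, deleted and size-changed files described above, as an added example rather than code from the thread; it assumes the rsync job ran with -i (--itemize-changes), which is what produces the ">f.sT......" strings in the posted output, and the sample log lines are constructed from the ones posted above.

```python
# Added example (not from the thread): summarise an rsync --itemize-changes log
# into the daily file-change diff described above. Assumes the nightly rsync was
# run with -i (--itemize-changes), which produces the '>f.sT......' strings.
import re
from collections import defaultdict

# Constructed sample modelled on the posted log, plus a deletion and a
# timestamp-only change so those cases are exercised.
SAMPLE_LOG = """\
2020/10/19 02:00:01 [25568] receiving file list
2020/10/19 02:03:40 [25570] >f.sT...... servicos/data/log/log-18-10-20
2020/10/19 02:03:40 [25570] >f+++++++++ servicos/data/log/log-19-10-20
2020/10/19 02:03:41 [25570] *deleting   servicos/data/tmp/old.cache
2020/10/19 02:03:41 [25570] >f..t...... servicos/data/conf/app.ini
2020/10/19 02:03:42 [25570] sent 70,233 bytes received 8,904,675 bytes 40,518.77 bytes/sec
"""

# 'YYYY/MM/DD HH:MM:SS [pid] <11-char itemize string or *deleting> <path>'
ITEM_RE = re.compile(r"^\S+ \S+ \[\d+\] (\S{11}|\*deleting)\s+(.+)$")

def classify(flags):
    """Map an rsync itemize string to a change category."""
    if flags == "*deleting":
        return "deleted"
    if flags[2:] == "+++++++++":       # every attribute newly created
        return "new"
    # itemize positions: 2=checksum, 3=size, 4=mtime, 5=perms, 6=owner, 7=group
    if flags[3] == "s":
        return "size_changed"
    if flags[2] == "c":
        return "checksum_changed"
    if flags[4] in "tT":
        return "time_only"
    return "attr_changed"

def summarize(log_text):
    """Group changed paths by category; rsync status lines are skipped."""
    report = defaultdict(list)
    for line in log_text.splitlines():
        m = ITEM_RE.match(line)
        if m:
            flags, path = m.groups()
            report[classify(flags)].append(path)
    return {k: sorted(v) for k, v in report.items()}

def format_report(report):
    """Render the summary as the body of the nightly mail."""
    order = ("new", "deleted", "size_changed", "checksum_changed", "time_only", "attr_changed")
    lines = [f"{c:16} {p}" for c in order for p in report.get(c, [])]
    return "\n".join(lines) if lines else "no changes"
```

Piping the rsync log through `format_report(summarize(...))` gives a short body for the 2 am mail instead of the raw transfer listing.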
