Stdout or a Pipe and a Tee

Posted on March 9, 2010 by nseidm1.
Categories: log, mail, pipe, stdout, tee.

If you have a binary that is writing information to standard output, you can save that information in two ways. You can redirect the output to a file using >>, or you can use a pipe with tee. When you use >> you will not see the output; it goes straight into the file, which is why the pipe and tee are useful. Let's say you want to monitor your mail.log. Open it with tail -f and watch it on the screen:

sudo tail -f /var/log/mail.log

I find it interesting sometimes to watch spam and viruses get processed by the server.

Now if you want to save this output to a file other than the default mail.log, you can redirect stdout to a file using >>:

sudo tail -f /var/log/mail.log >> ~/mail_bak.log

If you want to view the tail while also saving it to a backup log file, use:

sudo tail -f /var/log/mail.log | tee ~/mail_bak.log

Two options, I use them both on occasion.

Auth.log in Debian Systems

Posted on February 2, 2010 by nseidm1.
Categories: auth, crontab, log.

Your auth.log file is the first place to look when determining whether an intrusion is being attempted or has occurred. It logs all ssh connection attempts, cron jobs, and su calls. If an ssh brute force attack is occurring you will see countless failed ssh login attempts, most likely against a variety of usernames. You should immediately stop the ssh server and implement some security countermeasures. Add rules to your hosts.allow and hosts.deny files and, if you want, implement some iptables rules. hosts.allow and hosts.deny should be enough; the files control tcp connections to your running system daemons. Iptables will block ip addresses as soon as the connection attempt is made to the computer, so for ultimate security implement iptables and various host rules.

After locking down your servers you will see brute force attacks stop, and your auth.log file will be filled mainly with cron jobs and su commands by users and daemons. The cron jobs are automated processes run by various applications, mostly as root. Mail servers and other tasks are typically managed by cron jobs. You can check user-specific cron jobs using the crontab command; use option -e to edit a user's jobs.


DOS and Brute Force Prevention Using Fail2ban

Posted on March 16, 2008 by nseidm1.
Categories: address, brute, dos, fail2ban, force, ip, log, prevention, web.

Dealing with DoS and brute force attacks can be a daunting challenge. You can manually adjust your firewall to block particular ip addresses, but why not automate the process? What if a program could monitor your authentication and other log files for suspicious activity? These log files contain a tremendous amount of information about failed login attempts and how many times an ip address connects to your web server. Using this information, a program can automatically adjust your firewall to block the offending ip addresses. Fail2ban does just this: it monitors the log files of many programs, most importantly apache and ssh. http://www.fail2ban.org/wiki/index.php/Main_Page
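As an added example (not part of the original posts or of fail2ban itself), the shell script below does by hand the core of what the auth.log post and fail2ban describe: it counts failed sshd password attempts per source address in auth.log lines and lists the addresses at or above a threshold, optionally as hosts.deny entries. The log lines are constructed samples using documentation addresses, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original posts: count "Failed password"
# sshd entries per source address in auth.log input and report the
# addresses at or above a threshold (the core of what fail2ban automates).

# Usage: failed_logins_by_ip THRESHOLD < /var/log/auth.log
# Prints "COUNT IP" lines, highest count first.
failed_logins_by_ip() {
    threshold="${1:-5}"
    grep 'sshd\[[0-9]*\]: Failed password for' \
        | sed -n 's/.* from \([0-9][0-9.]*\) port [0-9]*.*/\1/p' \
        | sort | uniq -c \
        | awk -v t="$threshold" '$1 >= t { print $1, $2 }' \
        | sort -rn
}

# Turn "COUNT IP" lines into hosts.deny entries that block sshd only.
hosts_deny_lines() {
    awk '{ print "sshd: " $2 }'
}

# Constructed sample log (RFC 5737 documentation addresses, not real hosts).
sample_auth_log() {
    cat <<'EOF'
Feb  2 10:15:01 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Feb  2 10:15:03 host sshd[1234]: Failed password for root from 203.0.113.5 port 51236 ssh2
Feb  2 10:15:05 host sshd[1240]: Accepted publickey for alice from 198.51.100.7 port 40000 ssh2
Feb  2 10:15:07 host CRON[1250]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb  2 10:15:09 host sshd[1260]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Feb  2 10:15:11 host sshd[1261]: Failed password for bob from 192.0.2.10 port 3000 ssh2
EOF
}

# Stand-alone demo: flag any address with 3 or more failures in the sample.
sample_auth_log | failed_logins_by_ip 3 | hosts_deny_lines
```

Against a live system you would feed it the real file (sudo failed_logins_by_ip 5 < /var/log/auth.log) and review the output before appending anything to hosts.deny.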