Re: Question on security..

Previous thread: [head tinderbox] failure on powerpc/powerpc by FreeBSD Tinderbox on Tuesday, January 15, 2008 - 6:58 am. (1 message)

Next thread: [head tinderbox] failure on i386/i386 by FreeBSD Tinderbox on Tuesday, January 15, 2008 - 10:22 am. (3 messages)

[view original message]

From: Richard Bates

Subject: Question on security..

Date: Tuesday, January 15, 2008 - 9:00 am

I know login failures are logged in /var/log/auth.log

is there a way to log the login of users in this log
say something like

Jan 15 10:59:00 MyServer sshd[91869]: User bates authenticated from  
172.18.1.139
Jan 15 10:59:00 MyServer sshd[91869]: User bates Disconnected from  
172.18.1.139

================================
=== Richard Bates
=== TELEHOUSE America
================================


_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to &quot;freebsd-current-unsubscribe@freebsd.org&quot;
[ message continues ]

[view original message]

From: Robert Watson

Subject: Re: Question on security..

Date: Tuesday, January 15, 2008 - 9:18 am

The normal system lastlog, accessed via last(1), does this fairly well.  As 
you notch up the level of logging on sshd, it should also be able to do that. 
However, I tend to use audit for the above type of functionality, as the 
results are more parseable using tools like auditreduce.  There's a handbook 
chapter on how to configure and use audit, should you be looking for something 
a bit more on that scale of things.

Robert N M Watson
Computer Laboratory
University of Cambridge
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to &quot;freebsd-current-unsubscribe@freebsd.org&quot;
[ message continues ]

[view original message]

From: Richard Bates

Subject: Re: Question on security..

Date: Wednesday, January 16, 2008 - 12:00 pm

Ok,
	I setup a test server with
    	FreeBSd 6.2 installed
	Compiled the kernel to include auditd
	SAMBA3, NetAtalk, and SSH enabled

Audit seems to log the ssh connections,
but doesn't log the smb/cifs netatalk connections.
I'd also like to monitor MySQl connections.


Is there a way to do this?
I went through the audit section of the handbook,
but there is nothing specific.

Thanks


_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to &quot;freebsd-current-unsubscribe@freebsd.org&quot;
[ message continues ]

[view original message]

From: John Chung

Subject: Re: Question on security..

Date: Tuesday, January 15, 2008 - 9:50 am

type in the terminal: 
last

display who login.

john






      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to &quot;freebsd-current-unsubscribe@freebsd.org&quot;
[ message continues ]

[view original message]

From: Tim Clewlow

Subject: Re: Question on security..

Date: Tuesday, January 15, 2008 - 10:32 am

Hello, login successes are also logged in /var/log/auth.log - if you just want
to see the successful ssh logins, then do:

# cat /var/log/auth.log | grep -e &quot;ssh.*Accept&quot;

If you want to see a list of currently logged in users, then do:

# who

Cheers, Tim.


      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping
_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to &quot;freebsd-current-unsubscribe@freebsd.org&quot;
[ message continues ]

[view original message]

From: Brian A. Seklecki

Subject: Re: Question on security..

Date: Tuesday, January 15, 2008 - 9:08 am

You can bump the debugging level in sshd(8).  Read sshd_config(5) man
page, and/or check out the debugging options available via PAM

~BAS


-- 
Brian A. Seklecki &lt;bseklecki@collaborativefusion.com&gt;
Collaborative Fusion, Inc.




IMPORTANT: This message contains confidential information and is intended only for the individual named. If the reader of this message is not an intended recipient (or the individual responsible for the delivery of this message to an intended recipient), please be advised that any re-use, dissemination, distribution or copying of this message is prohibited.  Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system.


_______________________________________________
freebsd-current@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-current
To unsubscribe, send any mail to &quot;freebsd-current-unsubscribe@freebsd.org&quot;
[ message continues ]


linux-kernel:
Stefan Richter	Re: sata & scsi suggestion for make menuconfig
Rafael J. Wysocki	[Bug #11409] build issue #564 for v2.6.27-rc4 : undefined reference to `NS8390p_in...
Greg Kroah-Hartman	[PATCH 20/36] Driver core: Call device_pm_add() after bus_add_device() in device_a...
Marcin Slusarz	Re: [PATCH] ufs: [bl]e*_add_cpu conversion
Andrew Morton	2.6.23-rc6-mm1
git:
Junio C Hamano	Re: git-svnimport
Anuj Gakhar	Git Architecture Question
Johannes Schindelin	Re: [PATCH] Fix approxidate("never") to always return 0
A Large Angry SCM	Re: [RFC] origin link for cherry-pick and revert
Gabriel	[PATCH] When a remote is added but not fetched, tell the user.
linux-netdev:
Gerrit Renker	v2 [PATCH 1/4] dccp: Limit feature negotiation to connection setup phase
Daniel Lezcano	getsockopt(TCP_DEFER_ACCEPT) value change
David Miller	Re: 2.6.27.18: bnx2/tg3: BUG: "scheduling while atomic" trying to ifenslave a seco...
Ingo Molnar	Re: [regression] nf_iterate(), BUG: unable to handle kernel NULL pointer dereference
Gerrit Renker	[PATCH 37/37] dccp: Debugging functions for feature negotiation
git-commits-head:
Linux Kernel Mailing List	ath9k_htc: Allocate URBs properly
Linux Kernel Mailing List	[ARM] dma: use new dmabounce_sync_for_xxx() for dma_sync_single_xxx()
Linux Kernel Mailing List	MIPS: Cavium: Remove unused watchdog code.
Linux Kernel Mailing List	V4L/DVB (8976): af9015: Add USB ID for AVerMedia A309
Linux Kernel Mailing List	ARM: 5670/1: bcmring: add default configuration for bcmring arch
openbsd-misc:
Christophe Rioux	Implementation example of snmp
Jason Dixon	Re: any web management gui for pf ?
Nick Holland	Re: booting openbsd on eee without cd-rom
Bryan Irvine	Re: OpenBSD 4.7 Released, May 19 2010
Marco Peereboom	Re: Singularity OS