[SOLVED]Where are attempted access logs kept now?

Support for security such as Firewalls and securing linux
Post Reply
lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

[SOLVED]Where are attempted access logs kept now?

Post by lightman47 » 2015/07/31 11:21:47

In previous versions I was able to see what user IDs were being used for SSH/FTP login attempts by bot-nets, etc by viewing /var/log/secure. Now with systemd (or whatever), I can't seem to find that info.I am sure it's root they're using - it usually is - but I wish to make sure.

Yes - I again brought this on myself. I pinged an address to find out where it was, thus supplying my address as a target. Now fail2ban is busy for the next month or two ...
Last edited by lightman47 on 2015/07/31 11:29:50, edited 1 time in total.

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Where are attempted access logs kept now?

Post by TrevorH » 2015/07/31 11:24:48

Same place as before - /var/log/secure.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

lightman47
Posts: 1521
Joined: 2014/05/21 20:16:00
Location: Central New York, USA

Re: Where are attempted access logs kept now?

Post by lightman47 » 2015/07/31 11:28:38

Thanks. Once I saw your reply I realized I was looking at the file on the wrong machine. Some days ...
:roll:

Post Reply