In previous versions I was able to see what user IDs were being used for SSH/FTP login attempts by bot-nets, etc by viewing /var/log/secure. Now with systemd (or whatever), I can't seem to find that info.I am sure it's root they're using - it usually is - but I wish to make sure.
Yes - I again brought this on myself. I pinged an address to find out where it was, thus supplying my address as a target. Now fail2ban is busy for the next month or two ...
[SOLVED]Where are attempted access logs kept now?
-
- Posts: 1521
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
[SOLVED]Where are attempted access logs kept now?
Last edited by lightman47 on 2015/07/31 11:29:50, edited 1 time in total.
Re: Where are attempted access logs kept now?
Same place as before - /var/log/secure.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
-
- Posts: 1521
- Joined: 2014/05/21 20:16:00
- Location: Central New York, USA
Re: Where are attempted access logs kept now?
Thanks. Once I saw your reply I realized I was looking at the file on the wrong machine. Some days ...