Logwatch question.

Support for security such as Firewalls and securing linux

Logwatch question.

Postby DaemonProgrammr » 2012/01/30 10:54:33

One of the more valuable tools in managing my CentOS machine has been proven to be 'Logwatcher'. I love it to bits.

One section of the Logwatcher though, mentiones:

--------------------- httpd Begin ------------------------

Connection attempts using mod_proxy:
98.114.145.42 -> 205.188.251.1:443: 8 Time(s)
98.114.145.42 -> 205.188.251.43:443: 8 Time(s)
98.114.145.42 -> 205.188.251.6:443: 8 Time(s)
98.114.145.42 -> 64.12.202.116:443: 7 Time(s)
98.114.145.42 -> 64.12.202.1:443: 7 Time(s)
98.114.145.42 -> 64.12.202.8:443: 7 Time(s)

Doing some research, mod_proxy is typically used as just that: a proxy server. It's configurable in httpd.conf and seperate conf files in the httpd conf (sub)directory( /ies).



But what I'm wondering:
The fact they were 'attempts', does that mean it failed?
Or am I unwittingly running an open proxy mirror?

I'm not using any proxy mechanisms or utilities (as far as I'm aware of). Would it be a smart thing to comment out the LoadModules for the proxy functions in httpd.conf?
Or am I missing something and would I break stuff? To be honest, those lines in Logwatch do make me a bit nervous..
DaemonProgrammr
 
Posts: 78
Joined: 2011/12/12 12:49:46

Logwatch question.

Postby pschaff » 2012/01/30 11:00:41

pschaff
Retired Moderator
 
Posts: 18277
Joined: 2006/12/13 20:15:34
Location: Tidewater, Virginia, North America


Return to CentOS 5 - Security Support

Who is online

Users browsing this forum: No registered users and 0 guests