Board index Linux Security

Weird behavior from the secure log file

Weird behavior from the secure log file

Post by Warren E Bullock II » Thu, 31 Oct 2002 12:08:19



I just did a fresh install completely wiping everything clean and installed
Red Hat 7.3.  I completely unhooked all network cables so the system is
conceptually free from outside influence.  Well I decided to look at some of
the log files because I wanted to admire the clean slate.  I opened most all
the logs, in the /var/log directory but the weird thing was the way the
secure log file behaved.  When I used the cat command all I got was two or
three garbage characters.  I then decided to open the file in emacs.  When I

that???  I'm not sure what to make of it because I haven't even been on the
network since I re-installed Linux...  Any explanation would help...

    -Warren E Bullock III

 
 
 
Top

Weird behavior from the secure log file

Post by Warren E Bullock II » Fri, 01 Nov 2002 10:40:42


Scratch this post...

    I realize now that it was not the secure file doing this...  I was
trying to use the cat command to view my lastlog file...

    -Warren E Bullock III



> I just did a fresh install completely wiping everything clean and
installed
> Red Hat 7.3.  I completely unhooked all network cables so the system is
> conceptually free from outside influence.  Well I decided to look at some
of
> the log files because I wanted to admire the clean slate.  I opened most
all
> the logs, in the /var/log directory but the weird thing was the way the
> secure log file behaved.  When I used the cat command all I got was two or
> three garbage characters.  I then decided to open the file in emacs.  When
I

> that???  I'm not sure what to make of it because I haven't even been on
the
> network since I re-installed Linux...  Any explanation would help...

>     -Warren E Bullock III



 
 
 
Top

1. weird behavior with apache access log file and reverse lookups

Hello,
I have a linux box rh7.3 and Apache/1.3.27

i have about 7 virtual hosts. One of them (the busiest) has the names
resolved in the log files. (not good for performance)

I can not figure it out.

i have HostnameLookups off both at the top and i also tried in the
virtual host section as well.

but the log file is still resolving ARG!

Any suggestions?

this is the httpd entry

<VirtualHost ipaddress>

        ServerName www.mydomain.com
        ServerAlias ipaddress
        DocumentRoot /home/mydomain
        ErrorLog /usr2/wwwlogs/mydomain.com-error_log
        CustomLog /usr2/wwwlogs/mydomain.com-access_log combined
        ScriptAlias /cgi-local /home/mydomain/cgi-local
        JkMount       /*.jsp ajp13
        JkMount       /servlet/* ajp13
        ErrorDocument 403 http://www.mydomain.com/403.html
        Header append P3P 'CP="NON DSP COR ADM TAI NOR STA"'
        HostnameLookups off
</VirtualHost>

2. problem compiling 1.3.75

3. secure logs of /var/log/secure

4. More questions about LILO and Disk Manager

5. logging - "secure" logs don't tell me who is logging in?

6. C equivalent to wc -l (count lines in a file)

7. : Weird ">" redirect behavior vs. ">>" redirect behavior

8. dosemu with Diamond Stealth 64 PCI

9. Secure- log files question? help

10. /var/log/secure logs telnet connects but not logins?

11. message in secure log file?

12. Question on /var/log/secure file

13. Can't get Snort to log to /var/log/secure


All times are UTC
Board index