...and Greyblade used the keyboard:
>A few weeks ago I was hacked, and at around the same time my
>"/var/log/secure*" logs stopped indicating who is logging in thru telnet or
>ftp. Before that time it always gave me the user name. I have not been
>able to figure out how to get this working again. Please help!
You might want to take a look at your /etc/syslog.conf file, and see
to it that somewhere in there, logging of facility "auth" (or
"security", which is an alias for it) is enabled at all levels.
Just how it is done depends on the technique used to enable logging in
your syslog.conf, but usually it looks like that:
where <somelevel> is one of the valid syslogd levels: debug, info,
notice, warning (warn), err (error), crit, alert and emerg (panic).
Do note that logging of the auth. facility can also be enabled
implicitly, using a wildcard that logs everything of a given priority
(and possibly above):
would log everything of level info and above to /var/adm/somefile,
would log everything of only level info to /var/adm/somefile.
For a detailed explanation of syslog.conf peculiarities you might want
to take a look at the manual page, "man 5 syslog.conf".
The other possibility is that in /etc/login.defs, logging of
successful logins has been disabled. See "man 5 login.defs" for exact
information on how this is done on your distribution (because it tends
to vary), but it might look like so:
There are also some other options in login.defs that relate to login
logging (logging login :-)), albeit only to failed logins and
FAILLOG_ENAB, LOG_UNKFAIL_ENAB, SYSLOG_SG_ENAB, SYSLOG_SU_ENAB, ...
These are the only two configuration-related options that I can
remember off the top of my head (and there is PAM, but I'm definitely
not acquainted with it enough to even have a hint of whether or not
there are logging options in it, let alone be telling you about it),
but if you didn't reinstall your system after being hacked, there is a
very real possibility that some of your programs have been replaced
and this lack of logging is simply one of the (less harmful, might I
add) consequences of that. See to it that you back up all of your data
and wipe-out-everything/reinstall your system if that was the case.
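
The selector rules described in the reply above (a level means "that level and above", "=" restricts it to exactly that level, "*" is a wildcard, "security" is an alias for "auth") can be checked mechanically. This is an added example, not part of the original post: a small Python audit that reports which levels of the auth facility a syslog.conf actually logs and where. It assumes classic sysklogd selector syntax (";"-separated selectors, "none", "!" negation), ignores line continuations, and the function names and sample file are constructed.

```python
LEVELS = ["debug", "info", "notice", "warning", "err", "crit", "alert", "emerg"]
LEVEL_ALIASES = {"warn": "warning", "error": "err", "panic": "emerg"}
FACILITY_ALIASES = {"security": "auth"}
# Constructed sample; only /var/adm/somefile and /var/log/secure appear in the post.
SAMPLE_CONF = """\
# everything at info and above, except mail and auth
*.info;mail.none;auth.none   /var/adm/somefile
auth.=info                   /var/adm/authinfo
security.*                   /var/log/secure
"""

def levels_logged(conf_text, facility="auth"):
    """Map each action (log target) to the levels of `facility` it receives."""
    result = {}
    for raw in conf_text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) != 2 or parts[0].startswith("#"):
            continue                      # blank line, comment, or no action
        selectors, action = parts
        active = set()
        for sel in selectors.split(";"):  # later selectors override earlier ones
            facs, _, prio = sel.rpartition(".")
            names = {FACILITY_ALIASES.get(f, f) for f in facs.split(",")}
            if facility not in names and "*" not in names:
                continue
            negate = prio.startswith("!")
            prio = prio.lstrip("!")
            exact = prio.startswith("=")
            prio = LEVEL_ALIASES.get(prio.lstrip("="), prio.lstrip("="))
            if prio == "none":            # "none" removes every level
                chosen, negate = set(LEVELS), True
            elif prio == "*":
                chosen = set(LEVELS)
            elif prio in LEVELS:          # plain level: that level and above
                chosen = {prio} if exact else set(LEVELS[LEVELS.index(prio):])
            else:
                continue                  # unknown priority: ignore the selector
            active = active - chosen if negate else active | chosen
        if active:
            result[action.strip()] = [l for l in LEVELS if l in active]
    return result

def missing_levels(conf_text, facility="auth"):
    """Levels of `facility` that no line in the file logs anywhere."""
    seen = {l for lv in levels_logged(conf_text, facility).values() for l in lv}
    return [l for l in LEVELS if l not in seen]

if __name__ == "__main__":
    print(levels_logged(SAMPLE_CONF), missing_levels(SAMPLE_CONF))
```

An empty result from levels_logged, or a non-empty list from missing_levels, points at the configuration gap the reply describes; a file that looks correct while logins still go unlogged shifts suspicion to login.defs or to replaced binaries.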