
Linux log surfers


Airy Harse

Nov 9, 2001, 11:33:12 AM
Sorry I can't follow messages, deja has such a large delay at the
moment that it is impossible to track.

Here's what works for me on our production systems.

IPChains, configured using pmfirewall <-- top bit 'O Kit
logsentry
portsentry
tcpwrappers
S/Key
SSH

I write IPChains logs to /var/log/ipchains under syslog, and use
logsentry running every hour during working hours, then every four, to
scan for nasties.

You could also install snort as a real time IDS and hostsentry for
detecting login anomalies.

Quick search on google will reveal loads of log surfers, but log
sentry works for me.

You said in the original post that you use Suse 7.1, I recommend
replacing the Suse firewall with pmfirewall or mason, fewer holes and
easier to administer.

If you use email a lot, junk sendmail and install qmail, or -really-
tighten the screws on sendmail ( personal BIMA there ).

Personally, I reckon a well configured IPChains firewall is as good as
most commercial firewalls on the market and is light years ahead of
those nasty 'personal firewalls' marketed for Windows.

Have fun!
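
An added example, not part of the original post and not logsentry's own code: a small Python summarizer for the ipchains "Packet log:" lines that the post sends to /var/log/ipchains, listing blocked sources and flagging any that probed several distinct ports. The function names, the port threshold and the sample lines are assumptions constructed for illustration.

```python
import re
import sys
from collections import defaultdict

# ipchains kernel log line: "Packet log: <chain> <action> <iface> PROTO=<n>
# <src>:<port> <dst>:<port> L=... S=... I=... F=... T=..."
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)

# Constructed sample lines using documentation addresses, not real traffic.
SAMPLE_LOG = """\
Nov  9 10:01:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4021 192.0.2.10:23 L=60 S=0x00 I=5110 F=0x4000 T=52 SYN (#12)
Nov  9 10:01:02 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4022 192.0.2.10:21 L=60 S=0x00 I=5111 F=0x4000 T=52 SYN (#12)
Nov  9 10:01:03 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4023 192.0.2.10:111 L=60 S=0x00 I=5112 F=0x4000 T=52 SYN (#12)
Nov  9 10:01:03 fw kernel: Packet log: input DENY eth0 PROTO=6 203.0.113.7:4024 192.0.2.10:6000 L=60 S=0x00 I=5113 F=0x4000 T=52 SYN (#12)
Nov  9 10:05:40 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.20:137 192.0.2.10:137 L=78 S=0x00 I=901 F=0x0000 T=110 (#14)
Nov  9 10:05:42 fw kernel: Packet log: input DENY eth0 PROTO=17 198.51.100.20:137 192.0.2.10:137 L=78 S=0x00 I=902 F=0x0000 T=110 (#14)
Nov  9 10:07:11 fw kernel: Packet log: input ACCEPT eth0 PROTO=6 192.0.2.50:1033 192.0.2.10:22 L=60 S=0x00 I=77 F=0x4000 T=64 SYN (#3)
Nov  9 10:09:00 fw kernel: eth0: link up
"""

def blocked_by_source(log_text, actions=("DENY", "REJECT")):
    """Map source IP -> packet count and distinct (proto, dport) pairs blocked."""
    summary = defaultdict(lambda: {"count": 0, "ports": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or m.group("action") not in actions:
            continue  # not an ipchains line, or a logged ACCEPT
        entry = summary[m.group("src")]
        entry["count"] += 1
        proto = int(m.group("proto"))
        if proto in (6, 17):  # count port spread for TCP and UDP only
            entry["ports"].add((proto, int(m.group("dport"))))
    return dict(summary)

def suspects(summary, min_ports=3):
    """Sources blocked on at least min_ports distinct ports (likely scans)."""
    return sorted(s for s, e in summary.items() if len(e["ports"]) >= min_ports)

if __name__ == "__main__":
    # Pass a log path (e.g. /var/log/ipchains) or run on the built-in sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    result = blocked_by_source(text)
    for src, e in sorted(result.items()):
        print(f"{src}: {e['count']} blocked, {len(e['ports'])} distinct ports")
    print("possible scanners:", suspects(result))
```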

Wik

Nov 9, 2001, 12:02:01 PM
Possibly under the influence of cosmic rays, Airy Harse
(beerandf...@yahoo.co.uk) gave forth with a sudden burst of
eloquence, thus:

> Sorry I can't follow messages, deja has such a large delay at the
> moment that it is impossible to track.

[ker-snip]

> Personally, I reckon a well configured IPChains firewall is as good as
> most commercial firewalls on the market and is light years ahead of
> those nasty 'personal firewalls' marketed for Windows.

Cheers for the advice...

> Have fun!

Oh, I will!
:-)

Wik.
--
|Rik R.- UKRMHRC#10 - 1999 Speed Triple - DC#1 - BOTAFOT#0 - BOD#12
|# You don't believe me | "Experience is the worst teacher.
|That the scenery | It always gives the test first
|Could be a cold-blooded killer. | and the instruction afterward."
