
ssh logs?

Red Squirrel

No Lifer
Where can I find ssh logs in Linux? I want to be able to see stuff like:

[10.1.1.20] date - user - failed login
[10.1.1.20] date - user - failed login
[10.1.1.20] date - user - logging accepted
[10.1.1.20] date - user - su password for root accepted
[10.1.1.20] date - root - logged off


Or something along those lines. I want to know exactly who logs on as what user, from what IP, and when. And I'd like to know if there's any way to lock out IPs that have 3 failed login attempts (and perhaps even send me an email alert).


 
Originally posted by: RedSquirrel
Where can I find ssh logs in Linux? I want to be able to see stuff like:

[10.1.1.20] date - user - failed login
[10.1.1.20] date - user - failed login
[10.1.1.20] date - user - logging accepted
[10.1.1.20] date - user - su password for root accepted
[10.1.1.20] date - root - logged off


Or something along those lines. I want to know exactly who logs on as what user, from what IP, and when. And I'd like to know if there's any way to lock out IPs that have 3 failed login attempts (and perhaps even send me an email alert).

It depends on how syslogd is set up, probably. On OpenBSD it's in /var/log/authlog, but I think it's in /var/log/messages on RHES. It should give you the IP the connection is coming from.

You could probably set up swatch to ban the IPs from 3 failed attempts with a little bit of scripting work.
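An added example, not part of the original thread: a minimal Python sketch of the "little bit of scripting" mentioned above, turning sshd log lines into the per-IP view asked for and flagging addresses with 3 consecutive failed logins. It assumes the usual OpenSSH "Failed password" / "Accepted password" syslog messages; the sample lines, function names and threshold are constructed for illustration, and the actual firewall rule or email alert is left to the caller.

```python
import re
from collections import defaultdict

# Constructed sample lines in the usual OpenSSH sshd syslog format.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[811]: Failed password for alice from 10.1.1.20 port 50112 ssh2
Mar  3 10:01:09 host sshd[811]: Failed password for invalid user admin from 10.1.1.20 port 50113 ssh2
Mar  3 10:01:15 host sshd[811]: Failed password for alice from 10.1.1.20 port 50114 ssh2
Mar  3 10:02:40 host sshd[840]: Failed password for bob from 10.1.1.35 port 40100 ssh2
Mar  3 10:02:51 host sshd[840]: Accepted password for bob from 10.1.1.35 port 40101 ssh2
Mar  3 10:05:00 host sshd[811]: Failed password for alice from 10.1.1.20 port 50115 ssh2
"""

# timestamp, hostname, sshd[pid], result, auth method, optional "invalid user", user, source IP
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssshd\[\d+\]:\s"
    r"(?P<result>Failed|Accepted)\s(?P<method>\S+)\sfor\s"
    r"(?P<invalid>invalid user\s)?(?P<user>\S+)\sfrom\s(?P<ip>\S+)\sport\s\d+"
)

def parse_events(text):
    """Return (timestamp, ip, user, result) for every sshd auth line that matches."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["ip"], m["user"], m["result"]))
    return events

def ips_to_block(events, threshold=3):
    """Return IPs reaching `threshold` consecutive failures; a success resets the count."""
    streak = defaultdict(int)
    flagged = []
    for _ts, ip, _user, result in events:
        if result == "Accepted":
            streak[ip] = 0
            continue
        streak[ip] += 1
        if streak[ip] == threshold and ip not in flagged:
            flagged.append(ip)
    return flagged

if __name__ == "__main__":
    events = parse_events(SAMPLE_LOG)
    for ts, ip, user, result in events:
        print(f"[{ip}] {ts} - {user} - {result.lower()} login")
    print("candidates to block:", ips_to_block(events))
```
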