- 論壇徽章:
- 0
|
linux版本 redhat AS4.5
一直在用denyhosts 來避免ssh的攻擊 ����,今天發(fā)現(xiàn) hosts.deny文件中沒東西了。檢查發(fā)現(xiàn) 所有的登陸日志都寫入到了messages的日志中了�����。而并非 secure中���。
Dec 15 08:02:19 pui sshd[21999]: Failed password for root from 218.206.128.246 port 38882 ssh2
Dec 15 08:02:20 pui sshd[22001]: Failed password for root from 218.206.128.246 port 38988 ssh2
syslogd.conf 如下,明明是將authpriv的所有記錄都記錄到secure中的��,不明白為什么寫到了messages中了 而messages處事 authpriv.none
求高人指點�。
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log |
|
免費注冊
發(fā)表于 2009-12-15 10:14
發(fā)表于 2009-12-15 10:51
