Working on a security program
Saifi Khan
saifi.khan at datasynergy.org
Thu Apr 1 21:33:38 PDT 2010
On Tue, 30 Mar 2010, Walter wrote:
> Hi, all. Despite my lack of response (sorry), I've been
> working on a security program. Right now it uses auth.log
> to identify failed login attempts via telnet, ftp, and (of
> course) ssh. I'm planning on "hard coding" this unless
> someone tells me I should look at other log files too.
>
> I'm working on adding a check if the outside IP address
> changing to be able to reload the firewall if it uses it.
> And I'm thinking it'd be good to check if any of the system
> programs are changed - check the date-time stamp and size.
> These sorts of things can be done on a low rate periodic
> interval.
>
> This has become somewhat of a compulsion for me of late,
> partly because I think it's a thing that ought to be, and
> because I'm using it to refresh my programming brain. I
> would appreciate insights. Thanks.
>
> Walter
>
Would setting up 'snort' help ?
--
thanks
Saifi.
More information about the Users
mailing list