Working on a security program

Walter walter at spam.no
Tue Mar 30 08:01:50 PDT 2010


Hi, all.  Despite my lack of response (sorry), I've been
working on a security program.  Right now it uses auth.log
to identify failed login attempts via telnet, ftp, and (of
course) ssh.  I'm planning on "hard coding" this unless
someone tells me I should look at other log files too.
I'm working on adding a check if the outside IP address
changing to be able to reload the firewall if it uses it.
And I'm thinking it'd be good to check if any of the system
programs are changed - check the date-time stamp and size.
These sorts of things can be done on a low rate periodic
interval.
This has become somewhat of a compulsion for me of late,
partly because I think it's a thing that ought to be, and
because I'm using it to refresh my programming brain.  I
would appreciate insights.  Thanks.
Walter





More information about the Users mailing list