Re: [sshd] send a mail when a event login occur ?
- From: Ayaz Ahmed Khan <ayaz@xxxxxxxxxxxxxxxx>
- Date: 30 Sep 2006 18:19:29 GMT
"Barton L. Phillips" typed:
Carlos Moreno wrote:
Ertugrul Soeylemez wrote:
The actual problem with this "mail bombing" is that you would
reveal all user names by this method, unless you send
signed/encrypted mails. If you need to see that remotely, then
you're better of tail-ing the log file for your SSHd over an own
SSH session, e.g.:
# tail -f /var/log/auth.log
But another problem with this is that if the bad guys succeed in
breaking into the machine through SSH, they could tamper with the
log files.
The idea of sending an e-mail sounded to me like the OP wants to
get around the possibility of log-tampering (there is no way that
the intruder will have time o tamper with the system in time to
prevent the e-mail from leaving the machine ... Of course, unless
the e-mail is sent to an address that is received by a sendmail
running on the same machine!!! :-) )
Why not just remote log? Email could end up creating a lot of
traffic.
My sentiments exactly. Setting up syslog or syslog-ng to send logs to
a remote logging server is a much better approach.
--
Ayaz Ahmed Khan
Say something you'll be sorry for, I love receiving apologies.
.
- Follow-Ups:
- Re: [sshd] send a mail when a event login occur ?
- From: Ertugrul Soeylemez
- Re: [sshd] send a mail when a event login occur ?
- References:
- Re: [sshd] send a mail when a event login occur ?
- From: Carlos Moreno
- Re: [sshd] send a mail when a event login occur ?
- From: Barton L. Phillips
- Re: [sshd] send a mail when a event login occur ?
- Prev by Date: Re: [sshd] send a mail when a event login occur ?
- Next by Date: Re: No more IP spoofing??
- Previous by thread: Re: [sshd] send a mail when a event login occur ?
- Next by thread: Re: [sshd] send a mail when a event login occur ?
- Index(es):
Relevant Pages
|
