论坛徽章:: 0

电梯直达

1楼 [收藏(0)] [报告]

发表于 2009-12-15 10:14 |只看该作者 |倒序浏览

linux版本 redhat AS4.5
一直在用denyhosts 来避免ssh的攻击，今天发现 hosts.deny文件中没东西了。检查发现所有的登陆日志都写入到了messages的日志中了。而并非 secure中。
Dec 15 08:02:19 pui sshd[21999]: Failed password for root from 218.206.128.246 port 38882 ssh2
Dec 15 08:02:20 pui sshd[22001]: Failed password for root from 218.206.128.246 port 38988 ssh2

syslogd.conf 如下,明明是将authpriv的所有记录都记录到secure中的，不明白为什么写到了messages中了而messages处事 authpriv.none
求高人指点。
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                              /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none             /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                           /var/log/secure

# Log all the mail messages in one place.
mail.*                                                 -/var/log/maillog

# Log cron stuff
cron.*                                                 /var/log/cron

# Everybody gets emergency messages
*.emerg                                              *

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                        /var/log/spooler

# Save boot messages also to boot.log
local7.*                                              /var/log/boot.log

文库|博客

jerryjzm

版主

论坛徽章:: 1

2楼 [报告]

发表于 2009-12-15 10:51 |只看该作者

[root@host-lfs ~]# more /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.*                                              /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none             /var/log/messages

# The authpriv file has restricted access.
authpriv.*                                           /var/log/secure

这不是活生生的配置嘛！