Web Hosting Talk : Web Hosting Main Forums : Dedicated Server : Where can i find the access logs to make sure that...

[holiday]

there isnt anyone attempting to login as root through ssh, or any other IP's trying to gain access to my server?

Im running Ensim 3.5 on Red Hat
Thanks

[pergesu]

/var/log/secure

[holiday]

so i should only be able to see my own IP in there, or is it normal to see other IP's?

[pergesu]

Well, as far as logins go, you only want to see your IP, along with perhaps your provider or server management company, if any. You'll likely see a bunch of attempts, they'll say, "ROOT LOGIN REFUSED FROM xxx.xxx.xxx.xxx" or something along those lines. People are gonna try to login to your machine, nothing you can do about it. And if they do login as root, they can change the log files. So you might want to install tripwire and chkrootkit.

Ideally, you'd log in to SSH via a normal account and then su/sudo to root when you need to. It's not necessary, but it's a good idea to disable remote root logins.