Results 1 to 7 of 7
  1. #1

    Monitor FTP and SSH

    Hi all,

    Hope this is in the right forum.

    Can anyone please suggest a simple script (shell or cpanel/whm is fine) that will allow me to monitor active FTP connections on my deciated server?

    I would also like to find something similar regarding SSH, detailing current connections/attempts and where they are coming from.

    Very much appreciate your help!

  2. #2
    Join Date
    Mar 2003
    A little off topic, but you may want to reconsider allowing SSH access as it can sometimes create a security hazard.

    Generally it should only be granted to people who have an actual need for shell access...
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ - Security notices for the hosting community.

  3. #3
    You can enable detailed logging for sshd in its config file.

  4. #4 ngrep works well tcpdump works better

  5. #5
    Join Date
    Jan 2004
    York, UK
    Quote Originally Posted by scout4a
    You can enable detailed logging for sshd in its config file.
    And make sure people login to a "jailed" shell - not a perfect cure-all but can stop a good number of simple hacks/cracks.

  6. #6
    Awsome guys, thanks for all your help so far.
    I only have one domain with shell access and that one is jailed.
    In my logs I see heaps of attempts to log in though.
    I would like a visual method of seeing this activity.

    I'll look at ngrep and tcpdump.

    Thanks again!

  7. #7
    Isn't it amazing what a bit of study and self help can do!
    Thanks for all your assistance.

    tail -f /var/log/messages
    tail -f /var/log/xferlog
    tail -f /var/log/secure

    all happy now

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts