I've got a few questions that may help me, if not now, in the future with
hackers....
I know about COPS, SATAN, and Tripwire... which I'm working on, but here goes...
1. When I do a "last", machine names aren't full; they get cut off
   (ex: ROCHB108-08.spli). Is there a way to get the full name or IP logged?
2. Aren't su sessions logged? I can't seem to find where. I've looked in
   /var/adm files.
3. Can you lock out services (telnet, etc.) if the IP doesn't resolve to a
   machine name?
4. (A little off topic of the group, but how do you re-enable /var/log/secure
   logging on Red Hat Linux 5.0?)
Thanks,
Dan
--------------------------------------------------------------------------
Dan Kirkpatrick dkirk_at_phy.syr.edu
Computer Systems Manager
Department of Physics
Syracuse University, Syracuse, NY
http://www.phy.syr.edu/~dkirk Fax: (315) 443-9103
--------------------------------------------------------------------------
Received on Thu Feb 11 1999 - 18:09:19 NZDT