
Re: [cobalt-security] local ftp and pop3 logins



> It's a pain in the arse, as most of our logs are full of 127.0.0.1,
> making it hard to check for real use/abuse etc.

You might want to consider disabling the checker?  As I view it, the
cobalt status checker is there for people who want to use the web front
end exclusively, but there's no reason why you can't produce a small script
to replace it which will check for the relevant processes and possibly
e-mail you if they're not found.

If you want to keep it going, you might want to have a look at a log
analyser (yeah, I know you could just use grep -v as someone has pointed
out).  We use Logcheck[1] to filter all the 'everyday junk' out of the
logs and e-mail us the rest.

Regards,

John

[1] http://www.psionic.com/abacus/logcheck/
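
An added example (not part of the original message, and not Logcheck's own code) of the filtering approach discussed above: drop only the status checker's bare loopback probes and keep everything else, including failed logins from 127.0.0.1. The log line format, daemon names and function names are constructed assumptions; adjust the pattern to your real logs.

```shell
#!/bin/sh
# Added example: filter status-checker noise out of a log, logcheck-style.
# Assumption: lines look like "<date> <host> <daemon>[pid]: connection from <ip>".

# Ignore ONLY bare ftp/pop3 connection probes from loopback. Anchoring with $
# keeps "failed login ... from 127.0.0.1" and addresses like 127.0.0.10 visible.
IGNORE_RE='(ftpd|pop3d)\[[0-9]+\]: connection from 127\.0\.0\.1$'

# filter_log FILE: print every line that is not status-checker noise.
filter_log() {
    grep -E -v "$IGNORE_RE" "$1" || true   # grep exits 1 when nothing is left
}

# count_ignored FILE: how many lines were suppressed. A sudden change in this
# number is worth a look even though the lines themselves are hidden.
count_ignored() {
    grep -E -c "$IGNORE_RE" "$1" || true   # grep -c prints 0 but exits 1
}

# report FILE: text suitable for piping to a mailer, e.g. from cron.
report() {
    echo "Suppressed $(count_ignored "$1") status-checker lines; remaining entries:"
    filter_log "$1"
}

# Constructed sample log (192.0.2.77 is a documentation address).
sample_log() {
    cat <<'EOF'
Mar  3 04:00:01 www ftpd[2101]: connection from 127.0.0.1
Mar  3 04:00:02 www pop3d[2102]: connection from 127.0.0.1
Mar  3 04:07:45 www ftpd[2140]: connection from 192.0.2.77
Mar  3 04:07:49 www ftpd[2140]: failed login for admin from 192.0.2.77
Mar  3 04:15:01 www ftpd[2188]: connection from 127.0.0.1
Mar  3 04:15:30 www sshd[2190]: connection from 127.0.0.1
Mar  3 04:20:11 www pop3d[2201]: failed login for root from 127.0.0.1
EOF
}

# Demo on the constructed sample; pass a real log path to report() instead.
tmp=$(mktemp) && sample_log > "$tmp" && report "$tmp"; rm -f "$tmp"
```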