linux user group brescia


Mailing list archive

Logcheck (system log monitoring)

Luciano Lucini luciano a smapfil.it
Wed 13 Dec 2006 17:11:07 UTC
I've discovered a nice tool for system logs: once installed, it mails you at
scheduled times everything that has happened on the system, splitting the
message into alarm levels and including only what is new since the last run.
If anyone is interested, it's called LOGCHECK

An example e-mail:

E-mail subject:  severlinux 12/13/06:14.30 ACTIVE SYSTEM ATTACK!

The content:

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Dec 13 13:53:53 serverlinux sendmail[25618]: kBDCrqde025618:
71.245.broadband5.iol.cz [88.100.245.71]: possible SMTP attack:
command=HELO/EHLO, count=3

Security Violations
=-=-=-=-=-=-=-=-=-=
Dec 13 13:39:29 serverlinux sendmail[25114]: kBDBdTRn025114:
stip-212-5-207-98.telecom.sk [212.5.207.98] (may be forged) did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 13 13:53:53 serverlinux sendmail[25618]: kBDCrqde025618:
71.245.broadband5.iol.cz [88.100.245.71]: possible SMTP attack:
command=HELO/EHLO, count=3
Dec 13 13:54:38 serverlinux popper[25630]: (v4.0.5) Unable to get canonical
name of client 192.168.0.15: Host name lookup failure (2) [pop_init.c:1087]
Dec 13 13:56:21 serverlinux sendmail[25655]: kBDCuLWL025655: [219.149.78.77]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 13 13:58:40 serverlinux sendmail[25666]: kBDCwc5g025666: [219.149.78.77]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 13 14:04:52 serverlinux sendmail[25729]: kBDD4qSY025729: [219.149.78.77]
did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Dec 13 14:11:18 serverlinux sendmail[25755]: kBDDBIaJ025755:
chello089078082065.chello.pl did not issue MAIL/EXPN/VRFY/ETRN during
connection to MTA

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
Dec 13 13:30:05 serverlinux kernel: SFW2-OUT-ERROR IN= OUT=eth1
SRC=192.168.253.2 DST=195.68.221.222 LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=7267 DF PROTO=TCP SPT=7963 DPT=6667 WINDOW=1460 RES=0x00 ACK FIN URGP=0
OPT (0101080A10A6E2929E900EFD) 
Dec 13 13:30:09 serverlinux kernel: SFW2-FWDint-DROP-DEFLT-INV IN=eth0
OUT=eth1 SRC=192.168.0.8 DST=192.168.253.20 LEN=48 TOS=0x00 PREC=0x00
TTL=127 ID=59746 DF PROTO=TCP SPT=139 DPT=3613 WINDOW=17520 RES=0x00 ACK SYN
URGP=0 OPT (020405B401010402) 
Dec 13 13:30:12 serverlinux kernel: SFW2-FWDint-DROP-DEFLT-INV IN=eth0
OUT=eth1 SRC=192.168.0.8 DST=192.168.253.20 LEN=48 TOS=0x00 PREC=0x00
TTL=127 ID=59760 DF PROTO=TCP SPT=139 DPT=3613 WINDOW=17520 RES=0x00 ACK SYN
URGP=0 OPT (020405B401010402) 
Dec 13 13:30:18 serverlinux kernel: SFW2-FWDint-DROP-DEFLT-INV IN=eth0
OUT=eth1 SRC=192.168.0.8 DST=192.168.253.20 LEN=48 TOS=0x00 PREC=0x00
TTL=127 ID=59761 DF PROTO=TCP SPT=139 DPT=3613 WINDOW=17520 RES=0x00 ACK SYN
URGP=0 OPT (020405B401010402)


Luciano
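As an added example (not from the post and not logcheck's own code), this Python sketch reproduces the behaviour described above: each scheduled run looks only at lines added since the previous run and sorts them into the three report tiers. The pattern lists are hypothetical stand-ins for logcheck's rule files and the log lines are constructed, modelled on the ones quoted in the mail.

```python
import re

# Constructed sample log lines, modelled on those quoted in the post
# (public addresses replaced with RFC 5737 documentation ranges).
SAMPLE_LOG = [
    "Dec 13 13:39:29 serverlinux sendmail[25114]: kBDBdTRn025114: [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA",
    "Dec 13 13:45:01 serverlinux cron[25200]: (root) CMD (run-parts /etc/cron.hourly)",
    "Dec 13 13:53:53 serverlinux sendmail[25618]: kBDCrqde025618: [198.51.100.7]: possible SMTP attack: command=HELO/EHLO, count=3",
    "Dec 13 13:54:38 serverlinux popper[25630]: (v4.0.5) Unable to get canonical name of client 192.168.0.15: Host name lookup failure (2)",
    "Dec 13 13:58:40 serverlinux kernel: SFW2-FWDint-DROP-DEFLT-INV IN=eth0 OUT=eth1 SRC=192.168.0.8 DST=192.168.253.20 PROTO=TCP SPT=139 DPT=3613",
]

# Hypothetical rule sets standing in for logcheck's cracking/violations/ignore files.
CRACKING = [re.compile(r"possible SMTP attack")]
VIOLATIONS = [re.compile(r"did not issue MAIL/EXPN/VRFY/ETRN"),
              re.compile(r"possible SMTP attack"),
              re.compile(r"Host name lookup failure")]
IGNORE = [re.compile(r"cron\[\d+\]: \(root\) CMD")]   # routine noise, never reported

SECTIONS = ("Active System Attack Alerts", "Security Violations", "Unusual System Events")

def classify(line):
    """Return the report sections a line belongs to. A line can land in
    several, as in the post where the SMTP attack line appears twice."""
    hits = []
    if any(p.search(line) for p in CRACKING):
        hits.append(SECTIONS[0])
    if any(p.search(line) for p in VIOLATIONS):
        hits.append(SECTIONS[1])
    if not hits and not any(p.search(line) for p in IGNORE):
        hits.append(SECTIONS[2])
    return hits

def run_check(log_lines, offset):
    """One scheduled run: only lines after `offset` are examined (a line
    count here; logcheck's logtail remembers a byte offset instead)."""
    report = {name: [] for name in SECTIONS}
    for line in log_lines[offset:]:
        for section in classify(line):
            report[section].append(line)
    return {k: v for k, v in report.items() if v}, len(log_lines)

def format_report(report):
    """Render sections with the '=-=-' underline style seen in the mail."""
    out = []
    for name, lines in report.items():
        out += [name, "=-" * (len(name) // 2) + "=", *lines, ""]
    return "\n".join(out)

if __name__ == "__main__":
    first, offset = run_check(SAMPLE_LOG, 0)
    print(format_report(first))
    second, offset = run_check(SAMPLE_LOG, offset)   # nothing new: no mail to send
    print("sections on second run:", list(second))
```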

More information about the Lug mailing list