where are logs if any change password?
This is a discussion on where are logs if any change password? within the Linux Security forums, part of the System Security and Security Related category; my question is in toppic. I search in /var/log/messages /var/log/secure /var/log/messages.... I dont find ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
10-22-2004
|
|||
|
|||
Re: where are logs if any change password?
it's usually in /var/log/auth.log checkout /etc/syslog.conf there should be a line like: auth,authpriv.* /var/log/auth.log if it's not there... add it in. Leon +-------------------------------+---------------------------------------+ | leon kyneur | email : leon@dexterous.org | | technical monkey | icq : 13198110 | +-------------------------------+---------------------------------------+ | "Which is worse : ignorance or apathy? Who knows? Who cares?" | +-----------------------------------------------------------------------+ | gpg fingerprint : BE0E 19A3 865C 277D 3071 A1FB A9F0 815E E240 F00C | +-----------------------------------------------------------------------+ On Wed, 20 Oct 2004, pro wrote: > my question is in toppic. > I search in > /var/log/messages > /var/log/secure > /var/log/messages.... > I dont find this. > Where I find data when user change self password? > > Prosty > > > 
|
|
10-22-2004
|
|||
|
|||
|
Re: where are logs if any change password?
>> my question is in toppic. >> I search in >> /var/log/messages >> /var/log/secure >> /var/log/messages.... >> I dont find this. >> Where I find data when user change self password? >> >> Prosty >> >>> On Wed, 20 Oct 2004, pro wrote: it is logged to /var/log/messages: Oct 22 10:52:26 abyss passwd(pam_unix)[3752]: password changed for andi A.
|
|
10-26-2004
|
|||
|
|||
|
Re: where are logs if any change password?
sorry... this dont work...
I have RedHat 8.0 when I add new user test: in: /log/secure useradd[22108]: new group: name=test, gid=1299 useradd[22108]: new user: name=test, uid=1295, gid=1299, home=/home/test, shell=/bin/bash then I log as test and change password [test]$ passwd Changing password for user test. Changing password for test (current) UNIX password: New password: Retype new password: passwd: all authentication tokens updated successfully. in messages I have only info when user passed or failur login... ant nothing about change password... and no sing in /log/secure /log/message /log/any my syslog.conf: # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;news.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. auth*,auth,authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log # # INN # news.=crit /var/log/news/news.crit news.=err /var/log/news/news.err news.notice /var/log/news/news.notice ## all *.* /var/log/any Is possible that this linux RH8.0 don't write this information? Prosty
|
|
11-12-2004
|
|||
|
|||
|
Re: where are logs if any change password?
On 2004-10-26, pro <taki_spam@wp.pl> wrote: > when I add new user test: > in: /log/secure > useradd[22108]: new group: name=test, gid=1299 > useradd[22108]: new user: name=test, uid=1295, > gid=1299, home=/home/test, shell=/bin/bash So *that's* the infamous "test" account that those ssh attackers are after! Now it makes sense... -- --- SIGSEGV (Segmentation fault) @ 0 (0) --- +++ killed by SIGSEGV +++
|
Linear Mode
