It depends on what you're using; I generally catch that stuff on the edge. Currently we're using Cisco gear and we use syslog to send that to an IDS. You could do the same with Linux: iptables has a built-in chain called LOG, so you would add firewall rules for "interesting traffic" by adding a jump to log (`... -j LOG ...`). This will make the log events go to syslog, probably /var/log/message, but you could send it to a dedicated file via syslog config if you want.


On Mon, Sep 1, 2014 at 4:44 PM, Michael Havens <bmike1@gmail.com> wrote:
What logs would record that stuff? I want to see!

:-)~MIKE~(-:


On Wed, Aug 27, 2014 at 7:32 AM, Bob Elzer <bob.elzer@gmail.com> wrote:

My question would be, how many times a day does someone try to break into your system?

If you don't know the answer then maybe you should be running a firewall.

It really depends on whether your network is secure or not, usually what secures your network is a firewall. If that's the one on your router then that should be enough.

Looking in your log files for strange IPs and failed password attempts will let you know if people are trying to get in. If you're running a web server, look in the error logs for attempts to access non-existing files, usually a bunch from the same IP.

Windows may have more vulnerabilities, but they will still try to break into Linux systems.

Search and read about fail2ban, that's one tool to use when you need to have a service open to the internet.

Hope this helps

On Aug 26, 2014 8:15 PM, "Michael Havens" <bmike1@gmail.com> wrote:
I hear people say, "Even Linux users need a firewall."
My question is..... why? I've run Linux since '98 w/o a firewall (aside from the one sent with my modem/router). Isn't that good enough?
:-)~MIKE~(-:

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss


--
Paul Mooring
Operations Engineer
Chef
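
The `-j LOG` approach from the reply above, as an added example that is not part of the original thread: the commented rule and rsyslog line show one way to log and route "interesting traffic", and the function summarises the resulting kernel log lines by source address. The port, the `FW-SSH-NEW: ` prefix, the rsyslog file name, the dedicated log path and the sample log lines are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed rule: log new inbound SSH connections, rate-limited so a scan
# cannot flood syslog, tagged with a prefix that is easy to filter on:
#   iptables -A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW \
#            -m limit --limit 6/min -j LOG --log-prefix "FW-SSH-NEW: "
# Assumed rsyslog rule (e.g. in /etc/rsyslog.d/10-iptables.conf) that sends
# those events to a dedicated file:
#   :msg, contains, "FW-SSH-NEW: " /var/log/iptables.log

# Constructed sample of what the kernel writes for the rule above, plus one
# unrelated sshd line that must be ignored.
sample_log() {
cat <<'EOF'
Sep  1 17:02:11 gw kernel: [ 1021.100000] FW-SSH-NEW: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=1 DF PROTO=TCP SPT=40112 DPT=22 SYN URGP=0
Sep  1 17:02:12 gw kernel: [ 1022.300000] FW-SSH-NEW: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=2 DF PROTO=TCP SPT=40113 DPT=22 SYN URGP=0
Sep  1 17:02:13 gw sshd[812]: Failed password for root from 203.0.113.7 port 40112 ssh2
Sep  1 17:05:40 gw kernel: [ 1230.900000] FW-SSH-NEW: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.23 DST=192.0.2.10 LEN=60 TTL=49 ID=9 DF PROTO=TCP SPT=51515 DPT=22 SYN URGP=0
Sep  1 17:06:02 gw kernel: [ 1252.400000] FW-SSH-NEW: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=52 ID=3 DF PROTO=TCP SPT=40200 DPT=22 SYN URGP=0
EOF
}

# count_by_source PREFIX
# Reads syslog lines on stdin and prints "count source-ip dest-port" for
# every line that carries PREFIX, busiest source first.
count_by_source() {
    awk -v prefix="$1" '
        index($0, prefix) == 0 { next }       # not one of our LOG events
        {
            src = ""; dpt = "-"               # "-" when no port (e.g. ICMP)
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src != "") hits[src " " dpt]++
        }
        END { for (k in hits) print hits[k], k }
    ' | sort -k1,1nr -k2,2
}

sample_log | count_by_source "FW-SSH-NEW: "
```

On a live system the same function can read the dedicated file instead of the sample, for instance `count_by_source "FW-SSH-NEW: " < /var/log/iptables.log`.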