Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Modifying SSH to Capture Login Credentials from Attackers

From: Chris <r0ck () operamail com>
Date: Thu, 1 Oct 2009 07:38:46 -0600
Same here.  RHEL doesn't even have "/var/log/auth".  We call it /var/log/secure - which is 0600:

-rw------- 1 root root 509 Oct  1 09:37 secure


----- Original Message -----
From: "bodik () civ zcu cz" <bodik () civ zcu cz>
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Date: Wed, 30 Sep 2009 00:03:51 +0200



All standard users have read access to /var/log/auth, so if root


they shouldn't, at least on my default debian they don't ...

b

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/












-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: