Full Disclosure mailing list archives
Re: Modifying SSH to Capture Login Credentials from Attackers
From: Chris <r0ck () operamail com>
Date: Thu, 1 Oct 2009 07:38:46 -0600
Same here. RHEL doesn't even have "/var/log/auth". We call it /var/log/secure - which is 0600: -rw------- 1 root root 509 Oct 1 09:37 secure
----- Original Message ----- From: "bodik () civ zcu cz" <bodik () civ zcu cz> To: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers Date: Wed, 30 Sep 2009 00:03:51 +0200All standard users have read access to /var/log/auth, so if rootthey shouldn't, at least on my default debian they don't ... b _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- _______________________________________________ Surf the Web in a faster, safer and easier way: Download Opera 9 at http://www.opera.com Powered by Outblaze _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Modifying SSH to Capture Login Credentials from Attackers Chris (Oct 01)