|
Full Disclosure
mailing list archives
Re: Modifying SSH to Capture Login Credentials from Attackers
From: Chris <r0ck () operamail com>
Date: Thu, 1 Oct 2009 07:38:46 -0600
Same here. RHEL doesn't even have "/var/log/auth". We call it /var/log/secure - which is 0600:
-rw------- 1 root root 509 Oct 1 09:37 secure
----- Original Message -----
From: "bodik () civ zcu cz" <bodik () civ zcu cz>
To: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Date: Wed, 30 Sep 2009 00:03:51 +0200
All standard users have read access to /var/log/auth, so if root
they shouldn't, at least on my default debian they don't ...
b
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com
Powered by Outblaze
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Re: Modifying SSH to Capture Login Credentials from Attackers Chris (Oct 01)
| 
