[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers

To: "bodik@xxxxxxxxxx" <bodik@xxxxxxxxxx>, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
From: Chris <r0ck@xxxxxxxxxxxxx>
Date: Thu, 1 Oct 2009 07:38:46 -0600

Same here.  RHEL doesn't even have "/var/log/auth".  We call it /var/log/secure 
- which is 0600:

-rw------- 1 root root 509 Oct  1 09:37 secure

> ----- Original Message -----
> From: "bodik@xxxxxxxxxx" <bodik@xxxxxxxxxx>
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials 
> from Attackers
> Date: Wed, 30 Sep 2009 00:03:51 +0200
> 
> 
> > All standard users have read access to /var/log/auth, so if root
> 
> they shouldn't, at least on my default debian they don't ...
> 
> b
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

>







-- 
_______________________________________________
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com

Powered by Outblaze

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?
Next by Date: Re: [Full-disclosure] Microsuck delaying patch for SMB2 on purpose?
Previous by thread: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
Next by thread: Re: [Full-disclosure] Full Path Disclosure in most wordpress' plugins [?]
Index(es):
- Date
- Thread