TheJuiceman
Super Advisor

User mail

Hi everyone,

I am wondering if anyone has put together a script that will monitor user mail for signs of anomalies such as an attack. Thanks in advance for sharing!!!
F Verschuren
Esteemed Contributor
Solution

Re: User mail

Hi,

I monitor for lines in /var/adm/syslog/syslog.log.
Depending on how you normally monitor your system, you need an additional script; TNG, Tivoli and HP OpenView can be configured to monitor these lines.
The lines are:

rexecd[28617]: read: Connection refused
DBLISTENER[28853]: .CADB_F_999 Pid=28853: Interrupted child process is being terminated
remshd[28952]: Connection from 0.0.0.0 on illegal port
telnetd[29024]: getpid: peer died: Error 0
ftpd[10504]: FTP LOGIN REFUSED (ftp not in /etc/passwd) FROM manual-1.1.1.1, anonymous
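
One way to script the check described in the reply above, as an added example that is not part of the original post: it reads syslog text on standard input, keeps only the five message types listed, and counts hits per daemon. The function names, the regular expressions (which generalise the PIDs and addresses) and the sample lines (constructed, using documentation addresses) are assumptions.

```shell
#!/bin/sh
# Added example: count the suspicious daemon messages listed in the post.
# Real use (path from the post):  scan_syslog < /var/adm/syslog/syslog.log

# One extended regex per line; grep treats newline-separated patterns as
# alternatives. PIDs and peer addresses are generalised (assumption).
PATTERNS='rexecd\[[0-9]+\]: read: Connection refused
DBLISTENER\[[0-9]+\]: .*Interrupted child process
remshd\[[0-9]+\]: Connection from .* on illegal port
telnetd\[[0-9]+\]: getpid: peer died
ftpd\[[0-9]+\]: FTP LOGIN REFUSED'

# scan_syslog: read log lines on stdin, print "daemon count" for each daemon
# that produced at least one matching line, sorted by daemon name.
scan_syslog() {
    grep -E -e "$PATTERNS" |
    awk '{
        # Find the "name[pid]:" field; it may follow a timestamp and host.
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z]+\[[0-9]+\]:$/) {
                sub(/\[.*/, "", $i)      # strip "[pid]:" to get the name
                n[$i]++
                break
            }
    }
    END { for (d in n) print d, n[d] }' | sort
}

# Constructed sample input (not real log data); 192.0.2.7 is a
# documentation address and "hostA" is a placeholder host name.
sample_lines() {
    cat <<'EOF'
Jan 10 03:12:01 hostA rexecd[28617]: read: Connection refused
Jan 10 03:12:05 hostA remshd[28952]: Connection from 192.0.2.7 on illegal port
Jan 10 03:12:09 hostA ftpd[10504]: FTP LOGIN REFUSED (ftp not in /etc/passwd) FROM 192.0.2.7, anonymous
Jan 10 03:12:11 hostA ftpd[10510]: FTP LOGIN REFUSED (ftp not in /etc/passwd) FROM 192.0.2.7, anonymous
Jan 10 03:13:00 hostA telnetd[29024]: getpid: peer died: Error 0
Jan 10 03:14:00 hostA cron[700]: constructed benign line
EOF
}

sample_lines | scan_syslog
```

Run from cron, the output can be mailed or compared against a threshold; an empty result means none of the listed messages appeared.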