[Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
r0ck at operamail.com
Thu Oct 1 14:38:46 BST 2009
Same here. RHEL doesn't even have "/var/log/auth". We call it /var/log/secure - which is 0600:
-rw------- 1 root root 509 Oct 1 09:37 secure
> ----- Original Message -----
> From: "bodik at civ.zcu.cz" <bodik at civ.zcu.cz>
> To: full-disclosure at lists.grok.org.uk
> Subject: Re: [Full-disclosure] Modifying SSH to Capture Login Credentials from Attackers
> Date: Wed, 30 Sep 2009 00:03:51 +0200
> > All standard users have read access to /var/log/auth, so if root
> they shouldn't, at least on my default debian they don't ...
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Surf the Web in a faster, safer and easier way:
Download Opera 9 at http://www.opera.com
Powered by Outblaze
Full-Disclosure is hosted and sponsored by Secunia.