Sunday, January 16, 2011

ssh failed logins /var/log/btmp

On a VPS where I host some blogs, the /var/log/btmp file is fairly old, but it is at 6.2 gigs.

I assume this means a lot of failed login attempts? Is this common over the course of a year? Bots trying to get server access?

  • I'm not familiar with the system which keeps its ssh login info in that file (mine is in /var/log/authlog) but yes, automated attempts to log into ssh are a common part of what I consider the "background noise" of the internet. Often changing the port ssh listens on can cut this log clutter down considerably, though it's important not to confuse that with making your server more secure from a purposeful entry attempt.

    Josh Brower: +1 for cutting down on background noise, and pointing out that it is not Security through Obscurity
  • If you would like to rotate that log every month, you can try adding the code below to /etc/logrotate.conf

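    /var/log/btmp {
        # rotate once a month, but only if the file has grown past 1 MB
        monthly
        minsize 1M
        # recreate the log as root:utmp, readable and writable by root only
        create 0600 root utmp
        # keep a single rotated copy
        rotate 1
    }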
    
    From Josh Budde
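
To check what is actually filling a btmp file, the records can be read and counted per source host and per attempted user name. The script below is an added example, not part of the original thread; it assumes the 384-byte glibc `struct utmp` layout used on little-endian Linux, and the function names and sample records are constructed for illustration.

```python
import io
import struct
import sys
from collections import Counter

# Assumption: glibc `struct utmp` on little-endian Linux, 384 bytes per record.
UTMP = struct.Struct("<h2xi32s4s32s256shhiii16s20x")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def iter_records(stream):
    """Yield (user, tty_line, host, epoch_seconds) per complete record."""
    while True:
        chunk = stream.read(UTMP.size)
        if len(chunk) < UTMP.size:  # EOF, or a truncated final record
            return
        (_type, _pid, line, _id, user, host,
         _term, _exit, _session, sec, _usec, _addr) = UTMP.unpack(chunk)
        yield _text(user), _text(line), _text(host), sec

def summarize(stream, top=5):
    """Return (total, top source hosts, top attempted user names)."""
    hosts, users, total = Counter(), Counter(), 0
    for user, _line, host, _sec in iter_records(stream):
        total += 1
        hosts[host or "(local)"] += 1
        users[user] += 1
    return total, hosts.most_common(top), users.most_common(top)

def make_record(user, host, sec, line="ssh:notty"):
    """Pack one constructed record (sample data, not taken from a real log)."""
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(), host.encode(),
                     0, 0, 0, sec, 0, b"\0" * 16)

if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. a copy of /var/log/btmp (readable by root)
        source = open(sys.argv[1], "rb")
    else:                  # constructed sample: documentation-range addresses
        source = io.BytesIO(make_record("root", "203.0.113.7", 1295136000)
                            + make_record("admin", "203.0.113.7", 1295136005)
                            + make_record("root", "198.51.100.20", 1295136010))
    with source:
        total, hosts, users = summarize(source)
    print(f"{total} failed login records")
    for name, count in hosts:
        print(f"{count:>8}  {name}")
```

The file is read one record at a time, so a multi-gigabyte btmp does not need to fit in memory.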
