Install Logcheck

Install Logcheck

cd /tmp
tar xvfz logcheck-1.1.1.tar.gz
cd logcheck-1.1.1/systems/

Now change the variable SYSADMIN in SYSADMIN is the person that will receive logcheck’s output per email (this can be an email address or a user on the system where you install logcheck on):



# Logcheck is pre-configured to work on most BSD like systems, however it
# is a rather dumb program and may need some help to work on other
# systems. Please check the following command paths to ensure they are
# correct.

# Person to send log activity to.

# Full path to logtail program.
# This program is required to run this script and comes with the package.


cd ../../
mkdir -p /usr/local/etc/tmp
make linux

This will install logcheck under /usr/local/etc.

Now we have to create a cron job in order to run logcheck periodically. Edit root’s cron file (e.g. /var/spool/cron/crontabs/root, see section 2 “Install Chkrootkit”) and enter the following line:

0 3 * * * /usr/local/etc/

Then run

chmod 600 /var/spool/cron/crontabs/root
/etc/init.d/crond restart

This will invoke logcheck once a day at 3 am. It will now inform you about unusual system events, security violations, system attacks, etc. If your system is exposed directly to the internet you will notice that there are lots of malicious activities in the internet, and you will get a feeling why security is very important.

9 thoughts on “Install Logcheck

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s