Install Logcheck

cd /tmp
wget http://heanet.dl.sourceforge.net/sourceforge/sentrytools/logcheck-1.1.1.tar.gz
tar xvfz logcheck-1.1.1.tar.gz
cd logcheck-1.1.1/systems/

Now change the variable SYSADMIN in logcheck.sh. SYSADMIN is the person who will receive logcheck’s output by email (this can be an email address or a user on the system on which you install logcheck):

[…]
# CONFIGURATION SECTION

PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/ucb:/usr/local/bin

# Logcheck is pre-configured to work on most BSD like systems, however it
# is a rather dumb program and may need some help to work on other
# systems. Please check the following command paths to ensure they are
# correct.

# Person to send log activity to.
SYSADMIN=me@myself.tld

# Full path to logtail program.
# This program is required to run this script and comes with the package.

LOGTAIL=/usr/local/bin/logtail
[…]

cd ../../
mkdir -p /usr/local/etc/tmp
make
make linux

This will install logcheck under /usr/local/etc.

Now we have to create a cron job in order to run logcheck periodically. Edit root’s cron file (e.g. /var/spool/cron/crontabs/root, see section 2 “Install Chkrootkit”) and enter the following line:

0 3 * * * /usr/local/etc/logcheck.sh

Then run

chmod 600 /var/spool/cron/crontabs/root
/etc/init.d/crond restart

This will invoke logcheck once a day at 3 am. It will now inform you about unusual system events, security violations, system attacks, etc. If your system is exposed directly to the internet you will notice that there is a lot of malicious activity on the internet, and you will get a feeling for why security is so important.
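The mechanism behind logtail and logcheck.sh, as an added Python example (not logcheck’s own code): read only the lines appended to the log since the previous run using a saved byte offset, drop lines that match an ignore list, and report the rest with security violations listed first. The keyword lists, log lines and IP address are constructed for illustration.

```python
import os
import re
import tempfile

# Constructed keyword lists standing in for logcheck's pattern files (assumption).
VIOLATION_PATTERNS = [r"authentication failure", r"Failed password", r"ROOT LOGIN REFUSED"]
IGNORE_PATTERNS = [r"CRON\[\d+\]: \(root\) CMD", r"sshd\[\d+\]: Connection closed"]


def logtail(log_path, offset_path):
    """Return the lines appended to log_path since the byte offset saved in
    offset_path, then save the new offset (what the logtail helper does)."""
    offset = 0
    if os.path.exists(offset_path):
        with open(offset_path) as f:
            offset = int(f.read().strip() or 0)
    if os.path.getsize(log_path) < offset:
        offset = 0  # log was rotated or truncated: re-read from the start
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
        new_offset = f.tell()
    with open(offset_path, "w") as f:
        f.write(str(new_offset))
    return data.decode("utf-8", "replace").splitlines()


def check(lines):
    """Split new lines into (violations, unusual); lines on the ignore list are
    dropped unless they also match a violation pattern."""
    violations, unusual = [], []
    for line in lines:
        if any(re.search(p, line) for p in VIOLATION_PATTERNS):
            violations.append(line)
        elif not any(re.search(p, line) for p in IGNORE_PATTERNS):
            unusual.append(line)
    return violations, unusual


def demo():
    """Two runs over a constructed log: the second run reports only new lines."""
    tmp = tempfile.mkdtemp()
    log, off = os.path.join(tmp, "messages"), os.path.join(tmp, "messages.offset")
    with open(log, "w") as f:
        f.write("Jan  5 03:00:01 host CRON[100]: (root) CMD (/usr/local/etc/logcheck.sh)\n"
                "Jan  5 03:00:07 host sshd[101]: Failed password for root from 192.0.2.10\n")
    first = check(logtail(log, off))
    with open(log, "a") as f:
        f.write("Jan  5 03:01:00 host kernel: Oops: something unusual\n")
    return first, check(logtail(log, off))
```

Running demo() shows why the cron job matters: each run only reports what arrived since the last one, so a daily run gives a daily digest rather than the whole log again.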
