I need a log file of penetration attempts to my server. Ideally, this log should contain all attempts including logins, HTTPD activities, FTP activities, NFS, and other conventional open ports. However, it is enough for me to have HTTPD, FTP, and NFS.
Is there such a service (or log files) available in CentOS (built-in preferred)?
There is no single log file that logs all these things. You will need to go through all your logs and extract single lines. You can of course facilitate this with a regex.
One thing you might want to opt for is using OSSEC on your machine. It's a host-based intrusion detection system and it actually keeps logs of all malicious login attempts on your server. Even better: it blocks IPs when they try to brute-force your machine.
Following are the log files.
Http:
/var/log/httpd/access.log
- All the information about who accesses your site.
/var/log/httpd/error.log
- All the error logs of your web-site are stored there.
It also depends on virtualhost configurations what file you defined for logs, default files are above.
Security:
All security related logs stored in
Syslog: System wide messages stored in
Maillog: Maillog stored in
VSFTPD: ftp log file depends on your configuration. see the
xferlog_file=/var/log/xferlog
if you are using vsftpd, and also enable xferlog_enable=YES
Better to configure fail2ban for log file monitoring.
What you (probably) want is called a "host intrusion detection system". Search for that term (and linux) to see what is available.
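The regex extraction suggested in the first answer, as an added example that is not code from any of the answers: it pulls failed HTTP (401/403), sshd and vsftpd login lines into one list and counts them per client address. The sample lines are constructed, and the vsftpd native log format and the Apache common/combined format are assumptions; adjust the patterns to your own LogFormat and FTP logging settings.

```python
import re
from collections import Counter

# One pattern per log source; each captures the client address as "ip".
PATTERNS = {
    # Apache common/combined format (assumed): flag 401/403 responses.
    "httpd": re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?:401|403) '),
    # sshd messages as written through syslog.
    "sshd": re.compile(r'sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port'),
    # vsftpd native log format (assumed); the IPv4-mapped prefix is optional.
    "vsftpd": re.compile(r'FAIL LOGIN: Client "(?:::ffff:)?(?P<ip>[^"]+)"'),
}

# Constructed sample lines using documentation address ranges, not real traffic.
SAMPLE = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 401 512
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 1043
Oct 10 13:56:01 web1 sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Oct 10 13:56:03 web1 sshd[1234]: Failed password for root from 203.0.113.7 port 51236 ssh2
Oct 10 13:56:09 web1 sshd[1240]: Accepted password for deploy from 198.51.100.4 port 40022 ssh2
Tue Oct 10 13:57:12 2023 [pid 2345] [ftpuser] FAIL LOGIN: Client "::ffff:192.0.2.55"
Tue Oct 10 13:57:20 2023 [pid 2346] [ftpuser] OK LOGIN: Client "198.51.100.4"
""".splitlines()


def extract_attempts(lines):
    """Return (source, ip, line) for every line matching a failure pattern."""
    hits = []
    for line in lines:
        for source, pattern in PATTERNS.items():
            match = pattern.search(line)
            if match:
                hits.append((source, match.group("ip"), line))
                break  # a line belongs to at most one source
    return hits


def repeat_offenders(hits, threshold=2):
    """Addresses whose failures, summed across all services, reach the threshold."""
    counts = Counter(ip for _, ip, _ in hits)
    return {ip: n for ip, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    found = extract_attempts(SAMPLE)
    for source, ip, line in found:
        print(f"{source:7} {ip:15} {line}")
    print("repeat offenders:", repeat_offenders(found))
```

To run it against real files, pass the concatenated lines of your access, authentication and FTP logs to `extract_attempts` in place of `SAMPLE`.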