[ale] What creates /var/log/faillog ?
Chuck Payne
terrorpup at gmail.com
Mon Sep 22 11:55:43 EDT 2014
Raj,
Do you have lsof installed? You got a lot of great answers from the guys, but
if you aren't sure what is writing a file, you have your good friend lsof to
the rescue. This is good to know in case you have to find a process or a
service you do not know.
Since you were wondering what wrote the log file, the first thing to do is see
what process might be writing the file.
lsof | grep /var/log/faillog
I am going to use the example with my firewall called tengu
lsof | grep tengu
mysqld 2966 23380 mysql 71u REG 8,6 151472 2364586 /var/lib/mysql/tengu/ips.MYD
mysqld 2966 23380 mysql 72u REG 8,6 1024 2364588 /var/lib/mysql/tengu/whitelist.MYI
mysqld 2966 23380 mysql 73u REG 8,6 0 2364589 /var/lib/mysql/tengu/whitelist.MYD
sh 11792 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu
sh 11802 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu
sh 21553 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu
sh 21564 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu
A breakdown of lsof
1st column is the process running
2nd column is the pid
3rd column is the user
4th is FD
5th is Type
6th is Device where the server is running
7th is size/off
8th Node
9th name of the files it is using
So I found an active pid, and I use lsof to show me what files and process
are in
lsof -p 12197
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sh 12197 root cwd DIR 8,6 4096 7471772 /usr/local/bin
sh 12197 root rtd DIR 8,6 4096 2 /
sh 12197 root txt REG 8,6 106920 9699332 /bin/dash
sh 12197 root mem REG 8,6 1599536 6685394 /lib/x86_64-linux-gnu/libc-2.13.so
sh 12197 root mem REG 8,6 136936 6685389 /lib/x86_64-linux-gnu/ld-2.13.so
sh 12197 root 0u CHR 4,2 0t0 1043 /dev/tty2
sh 12197 root 1u CHR 4,2 0t0 1043 /dev/tty2
sh 12197 root 2u CHR 4,2 0t0 1043 /dev/tty2
sh 12197 root 10r REG 8,6 20964 7480015 /usr/local/bin/tengu
Again, lsof is great to see what might be writing and where the program
that is writing the log is. I know it's a bit much, but if Google is letting
you down, and you want to make sure it's not some script kiddie's script
running on a server, lsof is your Sherlock to find what's doing what.
--
Terror PUP a.k.a
Chuck "PUP" Payne
(678) 636-9678
-----------------------------------------
Discover it! Enjoy it! Share it! openSUSE Linux.
-----------------------------------------
openSUSE -- Terrorpup
openSUSE Ambassador/openSUSE Member
skype,twitter,identica,friendfeed -- terrorpup
freenode(irc) --terrorpup/lupinstein
Register Linux Userid: 155363
Have you tried SUSE Studio? Need to create a Live CD, an app you want to
package and distribute , or create your own linux distro. Give SUSE Studio
a try.
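Added example, not part of the original message: grepping lsof's column output lists every process that has a file open, while the FD column's suffix (r, w or u) is what says whether it can write, and lsof only sees files that are open at the moment it runs. The sketch below reads lsof's field output (-F) and keeps only write-capable descriptors on one path; the function names and the sample data (including the login process with pid 4242) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `lsof -F pcLfan` output (not captured from a real host).
# Each process set starts with p<pid>; each open file starts with f<fd>.
sample_lsof_fields() {
cat <<'EOF'
p2966
cmysqld
Lmysql
f71
au
n/var/lib/mysql/tengu/ips.MYD
p11792
csh
Lroot
f10
ar
n/usr/local/bin/tengu
p4242
clogin
Lroot
f3
aw
n/var/log/faillog
f4
ar
n/etc/passwd
EOF
}

# writers_of PATH: read `lsof -F pcLfan` output on stdin and print
# "pid command user fd mode" for every descriptor open on PATH with
# write (w) or read/write (u) access. Read-only openers are skipped.
writers_of() {
    awk -v target="$1" '
        /^p/ { pid = substr($0, 2); cmd = ""; user = ""; next }
        /^c/ { cmd = substr($0, 2); next }
        /^L/ { user = substr($0, 2); next }
        /^f/ { fd = substr($0, 2); mode = ""; next }
        /^a/ { mode = substr($0, 2); next }
        /^n/ {
            if (substr($0, 2) == target && (mode == "w" || mode == "u"))
                print pid, cmd, user, fd, mode
        }
    '
}

# Run against the constructed sample. Live use (root needed to see all users):
#   lsof -F pcLfan 2>/dev/null | writers_of /var/log/faillog
sample_lsof_fields | writers_of /var/log/faillog
```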