Hello all: After setting up apache within R.H 7.2, loading web pages, modifying said pages, ect.... but not quite ready for prime time. I was wondering ??? Just what are the logs I need to be watching when I do go prime time (www).
I currently run the site round the clock on my lan and review the cron e-mails to root.
I have installed a firewall, closing unneeded ports and occasionaly scan the site and review the results (only showing port 80 open). Are there any other logs that need my attention?
I am also begining to learn to use Tethereal, but there is so much info that I do not know how to decifer. Any input would really be appreciated. Always LearninLinux....
For Apache, all you need is watch for access.log and error.log . Access log will tell you who access your websites and error log will tell you whom have exploted un-existing pages ( such as those nimda exploits for IIS ). Better yet, use the logrotate to rotate your log files ....
The rest fall under System Security rather than Apache .... So security forum is more appropiate for questions ....
I think I know what you are REALLY asking. I can recommend a few books I use for this:
Maximum Linux Security
Linux Administration, A Begginer's Guide
Apache Server for Dummies
Also, there are a few PHP scripts outthere that will look at your log files and display them in your browser. www.hotscripts.com