i've setup an ssh server on my raspberry pi. I use rsa keys to login, i disabled root login, password authentication and i use port forwarding to login from outside my network.
I can see the connection logs from the file /var/log/auth.log but i noticed that it is cleared on regular basis (i think some days) and can be modified by a standard user.
Isn't this a security problem, someone that manages to break into it could clear the log and leave no traces, can i prevent this?
Aucun commentaire:
Enregistrer un commentaire