|
|
|
|
|
|
by Sanguinez
6050 days ago
|
|
|
There isn't one single solution to cover all angles.
So yes, logs are useful but won't protect you either. And yes, they could help you to discover intrusion. Regarding authentication, you could use public/private key auth for ssh. This is stronger than passwords.
You could also use two factors authentication (look for yubikey for an example) And yes, such a tool exist: for instance tripwire. |
|
|
Custom logs generated by your own app for things like login attempts, etc, are definitely useful for detecting issues. I was referring more to things like apache connection logs, and other logs generated by other programs - I would imagine that there's a huge range of things to look for.