Closed ricard-inho closed 5 years ago
When I checked /var/log/syslog, I found a client that has been denied 20 times, starting at 8:30 until 9:36. It looks like it stopped after. This was the message:
Mar 14 09:36:26 s17925818 named[30442]: client 207.254.182.94#53530 (c9-11.com): query (cache) 'c9-11.com/TXT/IN' denied
@ricardmc99 That is the `named` service that I already logged as #1. I don't think it is urgent, but I think that we may need to investigate our DNS settings.
Access the production server using the appropriate account. Check the following. If you find anything that needs follow up or investigation, create appropriate Issues in this repository.
- [x] Check `/var/log/unattended-upgrades/unattended-upgrades.log` to verify that security updates installed without problems.
- [x] Run `grep 'Accepted password' /var/log/auth.log`; all search hits should be for one of two expected accounts.
- [x] Check `/var/log/syslog` for anything unusual. (Most entries will be hourly `cron` jobs.)
- [x] Run `~/logdays.sh 2` to identify log files updated within the last 48 hours. (Replace 2 with 3 on Mondays.) Browse some of these, especially unusual ones; look for anything out of the ordinary.
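
An added example, not part of the original issue or the repository's own scripts: two shell functions that turn the `auth.log` and `syslog` checks above into pass/fail output, listing password logins by accounts outside an allowlist and summarising `named` "denied" queries per client. The account names `alice` and `bob`, the host name and every log line are constructed for illustration.

```shell
# Added example. Log lines are constructed; alice and bob stand in for the
# two expected accounts named in the checklist.

# Print "user source-ip" for each 'Accepted password' login by an account
# not in the space-separated allowlist $2. No output means the check passes.
unexpected_logins() {
    awk -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /Accepted password for / {
            for (i = 2; i < NF; i++)
                if ($(i-1) == "password" && $i == "for") break
            if (!($(i+1) in ok)) print $(i+1), $(i+3)
        }' "$1"
}

# Print "count client-ip first-time last-time" for named "denied" queries,
# busiest client first. Also handles the "client @0x... ip#port" log form.
denied_dns_clients() {
    awk '
        / named\[[0-9]+\]: client / && / denied$/ {
            for (i = 1; i < NF; i++) if ($i == "client") break
            j = i + 1; if ($j ~ /^@/) j++        # skip pointer field if present
            split($j, p, "#"); ip = p[1]         # drop the source port
            if (!(ip in cnt)) first[ip] = $3
            cnt[ip]++; last[ip] = $3
        }
        END { for (ip in cnt) print cnt[ip], ip, first[ip], last[ip] }' "$1" | sort -rn
}

demo=$(mktemp -d)
cat > "$demo/auth.log" <<'EOF'
Mar 14 08:02:11 host1 sshd[2101]: Accepted password for alice from 192.0.2.10 port 50122 ssh2
Mar 14 08:40:57 host1 sshd[2188]: Failed password for root from 203.0.113.7 port 41022 ssh2
Mar 14 09:15:03 host1 sshd[2230]: Accepted password for deploy from 198.51.100.23 port 39914 ssh2
Mar 14 09:20:44 host1 sshd[2241]: Accepted password for bob from 192.0.2.11 port 50310 ssh2
EOF
cat > "$demo/syslog" <<'EOF'
Mar 14 08:30:02 host1 named[30442]: client 203.0.113.7#53530 (example.com): query (cache) 'example.com/TXT/IN' denied
Mar 14 09:00:00 host1 CRON[3001]: (root) CMD (run-parts /etc/cron.hourly)
Mar 14 09:10:41 host1 named[30442]: client @0x7f2a4c0 198.51.100.9#40112 (example.net): query (cache) 'example.net/A/IN' denied
Mar 14 09:36:26 host1 named[30442]: client 203.0.113.7#53530 (example.com): query (cache) 'example.com/TXT/IN' denied
EOF
unexpected_logins "$demo/auth.log" "alice bob"
denied_dns_clients "$demo/syslog"
```

On the production server the functions would be pointed at `/var/log/auth.log` and `/var/log/syslog` with the real allowlist; any line printed by `unexpected_logins` is a candidate for a follow-up Issue.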