Check server logs

[ricard-inho]

Access the production server using the appropriate account. Check the following. If you find anything that needs follow up or investigation, create appropriate Issues in this repository.

• [x] Check /var/log/unattended-upgrades/unattended-upgrades.log to verify that security updates installed without problems.

• [x] Run grep 'Accepted password' /var/log/auth.log; all search hits should be for one of two expected accounts.

• [x] Check /var/log/syslog for anything unusual. (Most entries will be hourly cron jobs.)

• [x] Run ~/logdays.sh 2 to identify log files updated within the last 48 hours. (Replace 2 with 3 on Mondays.) Browse some of these; especially unusual ones; look for anything out of the ordinary.

[ricard-inho]

when I check the /var/log/syslog I found a client that has been denied 20 times starting at 8:30 until 9:36. I looks like it stopped after. This was the message:

Mar 14 09:36:26 s17925818 named[30442]: client 207.254.182.94#53530 (c9-11.com): query (cache) 'c9-11.com/TXT/IN' denied

[smattingly]

@ricardmc99 That is the named service that I already logged as #1. I don't think it is urgent, but I think that we may need to investigate our DNS settings.