Saturday 10 December 2011

Auditing e-mails that flow out from a UNIX server

I believe most of us who work in UNIX know how to send an e-mail from UNIX servers.

Yes, you are right: using the mailx command you can send e-mails to people, to a team, or to any interested party. But is there any way to audit those e-mails?
Yes, it's pretty easy and straightforward. Let us see how to do that.
All the communication-related details are stored in the files named syslog and authlog. These files hold the details of e-mail, ssh, rsh and ftp communications from the server. These log files play a major role in auditing, especially when we share a common id in our projects (of course that's not advisable, but it still happens in many organizations).
Ok, let's come to the point. Use the simple command below to find the e-mails sent out from your server. This way you can capture the recipients of each e-mail along with the delivery time.
$grep sendmail /var/log/syslog
Similarly, to find out the other inter-server communication details:
$grep ssh /var/log/syslog
$grep ssh /var/log/authlog
$grep ftp /var/log/authlog
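Added example, not from the original post: a small POSIX shell/awk function that turns the sendmail lines the grep above finds into one audit line per recipient (time, queue id, envelope sender, recipient, delivery status). The log lines are constructed samples in sendmail's syslog format, and the function, variable and host names are my own assumptions.

```shell
#!/bin/sh
# Constructed sample standing in for /var/log/syslog: two sendmail entries for
# one message (one "from=" line, one "to=" line per recipient) plus an sshd line.
SAMPLE_LOG=$(cat <<'EOF'
Dec 10 09:15:02 unixhost sendmail[1234]: pBA9F2A1001234: from=<root@unixhost.example>, size=512, class=0, nrcpts=2, msgid=<201112100915.pBA9F2A1001234@unixhost.example>, relay=root@localhost
Dec 10 09:15:03 unixhost sendmail[1235]: pBA9F2A1001234: to=<alice@example.com>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30512, relay=mail.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
Dec 10 09:15:03 unixhost sendmail[1235]: pBA9F2A1001234: to=<bob@example.net>, delay=00:00:01, xdelay=00:00:00, mailer=esmtp, pri=30512, relay=mail.example.net. [198.51.100.5], dsn=4.0.0, stat=Deferred: Connection refused by mail.example.net.
Dec 10 09:20:11 unixhost sshd[1300]: Accepted publickey for appuser from 203.0.113.7 port 51022 ssh2
EOF
)

# mail_audit: reads syslog lines on stdin and prints, per recipient,
#   "<month> <day> <time> <queue id> <sender> -> <recipient> <status>"
# sendmail logs the sender and each recipient on separate lines that share a
# queue id, so the from= line is remembered and joined to every to= line.
mail_audit() {
    awk '
        /sendmail\[/ && /from=</ {
            qid = $6; sub(/:$/, "", qid)            # queue id, trailing colon dropped
            match($0, /from=<[^>]*>/)
            from[qid] = substr($0, RSTART + 6, RLENGTH - 7)
        }
        /sendmail\[/ && /to=</ {
            qid = $6; sub(/:$/, "", qid)
            match($0, /to=<[^>]*>/)
            rcpt = substr($0, RSTART + 4, RLENGTH - 5)
            match($0, /stat=[A-Za-z]+/)             # Sent, Deferred, ...
            stat = substr($0, RSTART + 5, RLENGTH - 5)
            printf "%s %s %s %s %s -> %s %s\n", $1, $2, $3, qid, from[qid], rcpt, stat
        }
    '
}

# Run against the sample; on a real server use: mail_audit < /var/log/syslog
printf '%s\n' "$SAMPLE_LOG" | mail_audit
```

A "Deferred" status means the message was queued but not yet handed to the next hop, so a recipient appearing in the log is not proof of delivery; check for a later line with the same queue id.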
This may sound simple to people who already knew it, but I guess it will still be useful information for many.
