Linode Forum
Linode Community Forums
Posted: Mon May 22, 2017 12:58 pm
Senior Newbie

Joined: Sat May 20, 2017 11:05 am
Posts: 7
Hi,

I have been noticing my new Linode's
Code:
df -m
values every day and they have been increasing more and more. Here's the output from today:
Code:
root@hydrogen:~# df -m
Filesystem     1M-blocks  Used Available Use% Mounted on
/dev/root          19907  1428     17453   8% /
devtmpfs             492     0       492   0% /dev
tmpfs                495     0       495   0% /dev/shm
tmpfs                495    51       444  11% /run
tmpfs                  5     0         5   0% /run/lock
tmpfs                495     0       495   0% /sys/fs/cgroup
tmpfs                 99     0        99   0% /run/user/0
Are these the log files? Because in just 4 days they've crept up to 8% + 11%, I'm fearing that they will consume all my server space soon. Any idea, if it is the logs, how to clear them out?

Thanks


Posted: Sat Jun 03, 2017 2:10 pm
Senior Member

Joined: Mon Sep 29, 2014 4:47 pm
Posts: 127
Website: https://Feliciano.Tech
Location: New York City, USA
Twitter: FelicianoTech
The best way to know if it's the log files is to check. /var/log/ is where most of them will be located. You can keep log files trimmed and maintained by "rotating" them. More info here: http://linuxcommand.org/man_pages/logrotate8.html

_________________
U.S. Navy Sailor and Developer Evangelist at CircleCI (formerly Linode). Write the Docs NYC organizer. Mets fan for life. Building the Linodians community.

Follow me on Twitter @FelicianoTech.


Posted: Thu Jun 08, 2017 3:49 am
Senior Newbie

Joined: Sat May 20, 2017 11:05 am
Posts: 7
Thanks for your reply, I have monitored /var/log through the du -sh command and found that the btmp file is increasing massive amounts every day. Could you please tell me what I can do to stop it growing, and can I delete it in the meantime? It is occupying 700MB now!


Posted: Fri Jun 09, 2017 10:58 am
Senior Member

Joined: Mon Sep 29, 2014 4:47 pm
Posts: 127
Website: https://Feliciano.Tech
Location: New York City, USA
Twitter: FelicianoTech
Did you see that I recommended logrotate?

What logrotate does is split your log file into multiple files, and then you can choose for how many days or what file size you want before it starts to delete old logs. I don't know what distro you're running but I suggest Googling for "logrotate" and your distro.

Some more information on logrotate: http://www.thegeekstuff.com/2010/07/logrotate-examples

Posted: Sat Jun 10, 2017 5:09 am
Senior Newbie

Joined: Sat May 20, 2017 11:05 am
Posts: 7
Thanks I will check it out.


Posted: Sun Jun 18, 2017 6:33 am
Senior Member

Joined: Sun Jan 24, 2016 4:30 am
Posts: 226
I am sorry but the user FelicianoTech above gave some horrible advice.

The file /var/log/btmp contains bad/failed login attempts and should be taken seriously, not just logrotate'ed. First read the man page for "lastb" (man lastb) and see the command line parameters. Then see who is brute forcing your server and which particular service they are hitting.

For example, if you see brute force attacks on the ssh port, then it is a good idea to change the port and add some extra protection layer (like whitelisted IP addresses, disable password logins and enforce keys, etc). But it all depends on the service that is being abused.

Once you solve the brute force problem, you may see how to logrotate the btmp file.

_________________
I love my computer... all my friends live there.
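
Added example (not part of the original thread, and not any poster's code): a small parser that does what the post above asks of lastb, reading btmp records and counting failed logins by source address, user name and line (the service, e.g. ssh:notty). It assumes the 384-byte glibc `struct utmp` layout of x86-64 Linux; the function names and the sample records are constructed for illustration.

```python
import collections
import ipaddress
import struct
import sys

# Assumption: glibc struct utmp layout on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("utf-8", "replace")

def _addr(raw):
    """ut_addr_v6 holds IPv4 in the first 4 bytes with the rest zeroed."""
    if raw[4:] == bytes(12):
        return str(ipaddress.IPv4Address(raw[:4]))
    return str(ipaddress.IPv6Address(raw))

def parse_btmp(data):
    """Yield (user, line, source, unix_time); a trailing partial record is skipped."""
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        (_type, _pid, line, _id, user, host, _term, _exit, _sess,
         sec, _usec, addr) = UTMP.unpack_from(data, off)
        yield _text(user), _text(line), _text(host) or _addr(addr), sec

def summarize(data, top=5):
    """Most frequent sources, user names and lines (e.g. ssh:notty) among failures."""
    by_src, by_user, by_line = (collections.Counter() for _ in range(3))
    for user, line, src, _sec in parse_btmp(data):
        by_src[src] += 1
        by_user[user] += 1
        by_line[line] += 1
    return by_src.most_common(top), by_user.most_common(top), by_line.most_common(top)

def _record(user, line, ip, sec, host=None):
    """Build one constructed record (sample data, not taken from a real host)."""
    packed = ipaddress.ip_address(ip).packed.ljust(16, b"\0")
    host = (ip if host is None else host).encode()
    return UTMP.pack(6, 0, line.encode(), b"", user.encode(), host, 0, 0, 0, sec, 0, packed)

# Constructed sample using documentation address ranges (RFC 5737).
SAMPLE = b"".join(
    [_record("root", "ssh:notty", "203.0.113.7", 1497766000 + i) for i in range(3)]
    + [_record("admin", "ssh:notty", "203.0.113.7", 1497766010),
       _record("root", "ssh:notty", "198.51.100.22", 1497766020, host="")])

if __name__ == "__main__":
    # Reading /var/log/btmp needs root; with no argument the sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(summarize(data))
```

A handful of sources producing most of the records on one line such as ssh:notty points at the service to harden first.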


Posted: Thu Jun 29, 2017 4:44 am
Senior Newbie

Joined: Thu Jun 22, 2017 1:35 am
Posts: 18
If your btmp file is growing into a huge size, then someone is trying to brute force your server. You should use something like fail2ban or similar to slow down the attackers.
Every failed login attempt gets logged in btmp.

