
Log entries


arctic_ged

Guest
I have a server running Plesk 10 (CentOS 5), and I found these entries (hundreds of them) inside /var/log/secure. Can anyone tell me what they mean?

....
Mar 22 08:18:51 www su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Mar 22 08:18:52 www su: pam_unix(su-l:session): session closed for user popuser
Mar 22 08:18:52 www su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Mar 22 08:18:53 www su: pam_unix(su-l:session): session closed for user popuser
Mar 22 08:18:53 www su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Mar 22 08:18:54 www su: pam_unix(su-l:session): session closed for user popuser
Mar 22 08:18:54 www su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Mar 22 08:18:55 www su: pam_unix(su-l:session): session closed for user popuser
....
 
The /var/log/secure file logs security related messages on the server. These messages are authenticated data which can consist of failed login attempts and messages from any security processes running on the machine.

This is not a Plesk-related schematic and is completely acceptable. If your /var/log/secure (there may also be an iteration of files: secure.1, secure.2, etc.) is a few MB or typically in its MB range (1-20MB), then you have nothing to worry about. If your log starts getting larger (sometimes GB), then you should consider examining it to determine the cause.

You can run the following command to see if you have any intruders:
for ip in $(awk '/(Illegal|Invalid) user/ {print $10}' /var/log/secure | sort -u); do echo "$ip : $(grep -cF -- "$ip" /var/log/secure)"; done   # newer sshd logs "Invalid user" instead of "Illegal user"; grep -F matches the IP literally (a dot in a plain grep pattern matches any character)

This will return IP addresses and a count of how many times that IP has failed to authenticate a valid connection to the server. If it's suspiciously high, you can blacklist the IP. But be sure it's not your IP; some are renowned to overlook such a simple thing. If the command returns nothing, you're pretty much worrying about nothing.

You can truncate these files if need be, or delete the log file to save clogging up space, but be sure to recreate the file(s).
 
Last edited by a moderator:
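A longer-form version of the same check, as an added example that is not code from this thread or from Plesk: it parses /var/log/secure-style lines (a constructed sample is embedded), counts sshd authentication failures per source IP while matching the older "Illegal user" wording as well as the newer "Invalid user" and "Failed password" forms, and separately tallies pam_unix su session open/close pairs such as the popuser entries in the question, so root-initiated local su activity is not mistaken for remote login attempts. The review threshold of 2 is an assumption for the sample.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure lines (not taken from the original post):
# two su/popuser pairs like the question shows, plus a few sshd events.
SAMPLE_LOG = """\
Mar 22 08:18:51 www su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Mar 22 08:18:52 www su: pam_unix(su-l:session): session closed for user popuser
Mar 22 08:18:52 www su: pam_unix(su-l:session): session opened for user popuser by (uid=0)
Mar 22 08:18:53 www su: pam_unix(su-l:session): session closed for user popuser
Mar 22 08:19:01 www sshd[2211]: Invalid user oracle from 192.0.2.10
Mar 22 08:19:03 www sshd[2213]: Failed password for invalid user oracle from 192.0.2.10 port 4122 ssh2
Mar 22 08:19:07 www sshd[2215]: Illegal user test from 192.0.2.10
Mar 22 08:19:30 www sshd[2220]: Failed password for root from 198.51.100.7 port 5001 ssh2
Mar 22 08:19:45 www sshd[2222]: Accepted publickey for admin from 203.0.113.5 port 51234 ssh2
"""

# Older OpenSSH logged "Illegal user"; newer versions log "Invalid user".
# "Failed password for" covers wrong passwords for accounts that do exist.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: (?:Illegal user|Invalid user|Failed password for)"
    r" .*?\bfrom (\d{1,3}(?:\.\d{1,3}){3})"
)
SU_RE = re.compile(r"pam_unix\(su-l:session\): session (opened|closed) for user (\S+)")


def failed_logins_by_ip(lines):
    """Count sshd authentication failures per source IP: the forum one-liner's
    result, but keyed on the 'from <ip>' field instead of a substring grep."""
    counts = Counter()
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return dict(counts)


def su_sessions_by_user(lines):
    """Count su session opened/closed events per target user, so a burst of
    local su pairs (like popuser above) is seen as such, not as remote logins."""
    counts = {}
    for line in lines:
        m = SU_RE.search(line)
        if m:
            state, user = m.groups()
            counts.setdefault(user, {"opened": 0, "closed": 0})[state] += 1
    return counts


def suspicious_ips(lines, threshold=2):
    """IPs whose failure count reaches the (assumed) threshold, for manual review."""
    return sorted(ip for ip, n in failed_logins_by_ip(lines).items() if n >= threshold)
```

Run it against a real file with `failed_logins_by_ip(open("/var/log/secure").read().splitlines())`; rotated copies (secure.1, secure.2) can be concatenated the same way.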