Over the last several days, I have had a hacker breach security on a linux box and use it as a mail relay. I found out how he did it, the news account was left open for all to see. What I was wanting to know is this:
Does linux log all login attempts? Where?
When it logs these attempts, does it log the IP address that the attempt was coming from? Where?
If not.. how can I make it do these things.