monitor for illegal activity

Just wondering what people do/use to monitor for illegal activity like users trying to hack/crack to gain root access to the server. Anyone actually monitor or you just wait till it's happened then fix it?

JFTR I have a server and within the last 2 weeks it's been hit twice. Mostly likely by the same person(s) as they same useraccounts have been created. It's quite agrivating as I thought I had this system locked up pretty darn tight. It would be nice to have some sort of monitoring system to warn me when someones on the system messing around...

 

 

 

 

Top