Hello,

> Hello,
>
> Below is the content of two logcheck reports from this morning. It seems
> to me that these are (unsuccessful :) attempts to log in to my machine
> via ssh.
>
> Can someone tell me how I should react in terms of securing,
> identification (commands) and enforcement (abuse)?

1/ Do not allow logging in directly as root over SSH
2/ Put the IPs in host.deny
3/ Trace the IPs
4/ Monitor the logs
5/ Mail the IP's provider
6/ Keep the logs

That is what I can tell you. There are certainly other things to do ;)

++

>
> Log from 5:02:
>
> Security Events
> =-=-=-=-=-=-=-
> Mar 23 04:46:03 GDem3 sshd[11168]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50152 ssh2
> Mar 23 04:46:06 GDem3 sshd[11174]: Failed password for illegal user guest from ::ffff:211.176.33.46 port 50252 ssh2
> Mar 23 04:46:08 GDem3 sshd[11176]: Illegal user admin from ::ffff:211.176.33.46
> Mar 23 04:46:08 GDem3 sshd[11176]: Failed password for illegal user admin from ::ffff:211.176.33.46 port 50344 ssh2
> Mar 23 04:46:11 GDem3 sshd[11182]: Illegal user admin from ::ffff:211.176.33.46
> Mar 23 04:46:11 GDem3 sshd[11182]: Failed password for illegal user admin from ::ffff:211.176.33.46 port 50439 ssh2
> Mar 23 04:46:14 GDem3 sshd[11184]: Failed password for illegal user user from ::ffff:211.176.33.46 port 50526 ssh2
> Mar 23 04:46:17 GDem3 sshd[11190]: Failed password for root from ::ffff:211.176.33.46 port 50618 ssh2
> Mar 23 04:46:20 GDem3 sshd[11192]: Failed password for root from ::ffff:211.176.33.46 port 50711 ssh2
> Mar 23 04:46:23 GDem3 sshd[11199]: Failed password for root from ::ffff:211.176.33.46 port 50797 ssh2
> Mar 23 04:46:26 GDem3 sshd[11201]: Failed password for illegal user test from ::ffff:211.176.33.46 port 50890 ssh2
>
> System Events
> =-=-=-=-=-=-
> Mar 23 04:46:03 GDem3 sshd[11168]: Illegal user test from ::ffff:211.176.33.46
> Mar 23 04:46:03 GDem3 sshd[11168]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:06 GDem3 sshd[11174]: Illegal user guest from ::ffff:211.176.33.46
> Mar 23 04:46:06 GDem3 sshd[11174]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:08 GDem3 sshd[11176]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:11 GDem3 sshd[11182]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:14 GDem3 sshd[11184]: Illegal user user from ::ffff:211.176.33.46
> Mar 23 04:46:14 GDem3 sshd[11184]: error: Could not get shadow information for NOUSER
> Mar 23 04:46:26 GDem3 sshd[11201]: Illegal user test from ::ffff:211.176.33.46
> Mar 23 04:46:26 GDem3 sshd[11201]: error: Could not get shadow information for NOUSER
>
>
>
> Log from 10:02:
>
> Security Events
> =-=-=-=-=-=-=-
> Mar 23 09:11:39 GDem3 sshd[27590]: Failed password for root from ::ffff:62.193.236.45 port 45567 ssh2
> Mar 23 09:11:40 GDem3 sshd[27592]: Failed password for root from ::ffff:62.193.236.45 port 45687 ssh2
> Mar 23 09:11:41 GDem3 sshd[27594]: Failed password for root from ::ffff:62.193.236.45 port 45769 ssh2
> Mar 23 09:11:42 GDem3 sshd[27596]: Failed password for root from ::ffff:62.193.236.45 port 45851 ssh2
> Mar 23 09:11:42 GDem3 sshd[27598]: Failed password for root from ::ffff:62.193.236.45 port 45936 ssh2
> Mar 23 09:11:43 GDem3 sshd[27600]: Failed password for root from ::ffff:62.193.236.45 port 46006 ssh2
> Mar 23 09:11:44 GDem3 sshd[27602]: Failed password for root from ::ffff:62.193.236.45 port 46076 ssh2
> Mar 23 09:11:44 GDem3 sshd[27608]: Failed password for root from ::ffff:62.193.236.45 port 46156 ssh2
>
>
> GD
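
As an added example (not part of either message in this thread): a short Python script for steps 2 to 4 of the reply, tallying failed sshd logins per source address and producing candidate entries for /etc/hosts.deny (the file the reply calls host.deny). The sample lines are constructed in the log format quoted above; the function names, the threshold of 2 and the use of the plain IPv4 form in the deny entries are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in the same sshd format as the logcheck reports
# quoted above (documentation-range addresses, not those from the post).
SAMPLE_LOG = """\
Mar 23 04:46:03 host sshd[101]: Illegal user test from ::ffff:203.0.113.7
Mar 23 04:46:03 host sshd[101]: Failed password for illegal user test from ::ffff:203.0.113.7 port 50152 ssh2
Mar 23 04:46:06 host sshd[102]: Failed password for illegal user guest from ::ffff:203.0.113.7 port 50252 ssh2
Mar 23 04:46:17 host sshd[103]: Failed password for root from ::ffff:203.0.113.7 port 50618 ssh2
Mar 23 09:11:39 host sshd[201]: Failed password for root from ::ffff:198.51.100.9 port 45567 ssh2
Mar 23 09:11:40 host sshd[202]: Failed password for root from ::ffff:198.51.100.9 port 45687 ssh2
Mar 23 09:30:00 host sshd[301]: Failed password for alice from 192.0.2.10 port 40000 ssh2
"""

# Older OpenSSH logs "illegal user", newer releases log "invalid user".
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<bad>illegal user |invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return {ip: {"total", "root", "unknown", "users"}} for failed logins."""
    stats = defaultdict(lambda: {"total": 0, "root": 0, "unknown": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # "Illegal user" / shadow-error lines repeat the same attempt
        ip = m.group("ip")
        if ip.lower().startswith("::ffff:"):
            ip = ip[7:]  # IPv4-mapped IPv6 address: keep the plain IPv4 part
        entry = stats[ip]
        entry["total"] += 1
        entry["users"].add(m.group("user"))
        if m.group("bad"):
            entry["unknown"] += 1   # account does not exist on the host
        elif m.group("user") == "root":
            entry["root"] += 1      # direct root attempts (step 1 of the reply)
    return dict(stats)

def hosts_deny_lines(stats, threshold=2):
    """Build 'sshd: <ip>' entries for sources at or above the threshold."""
    return [f"sshd: {ip}" for ip, s in sorted(stats.items()) if s["total"] >= threshold]

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for ip, s in sorted(result.items()):
        print(ip, s["total"], "failures; root:", s["root"], "unknown users:", s["unknown"])
    print("\n".join(hosts_deny_lines(result)))
```

Review the generated entries before appending them to /etc/hosts.deny, since a single mistyped password from a legitimate address also counts as a failure.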

