On Fri, Jan 16, 2015 at 2:53 PM, David Weise <dwe...@rider.edu> wrote:
> hi,
> It seems that denyhosts is not catching any root attempts on my rhel 6
> servers. The following appears in my /var/log/secure:
> ----------begin
> PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=hacker.domain.edu user=root
> Jan 16 13:47:21 www-usr sshd[17268]: pam_unix(sshd:auth): authentication
> failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.domain.com
> user=root
> Jan 16 13:47:23 www-usr sshd[17268]: Failed password for root from
> 10.1.1.1 port 33096 ssh2
> Jan 16 13:47:25 www-usr sshd[17268]: Failed password for root from
> 10.1.1.1 port 33096 ssh2
> Jan 16 13:47:28 www-usr sshd[17268]: Failed password for root from
> 10.1.1.1 port 33096 ssh2
> Jan 16 13:47:28 www-usr sshd[17270]: Connection closed by
> ----------end
> I have no real grasp of regex in python. Can anybody help me
> formulate a regex statement?
> --David
>
>
Did you use the denyhosts package from epel for Redhat?
It should come configured for the right settings.
Most of the systems I have facing the public are on Debian
so I can't think of one which would verify it is working OK
on Redhat.
In any case, you can disable root access in sshd_config and
make your system vastly more secure by requiring a login to a
named account. That way the brute force hackers don't know
two things: the user name and the password.
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
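
Added example, not part of the original messages and not DenyHosts' own pattern: a Python regex sketch that matches the two kinds of failed-root entries quoted above and counts failures per host. The sample log is constructed from the quoted lines (unwrapped to one entry per line, with two extra lines for contrast); the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter

# Constructed sample: the quoted /var/log/secure entries, one per line,
# plus a non-root failure and a successful login added for contrast.
SAMPLE_LOG = """\
Jan 16 13:47:21 www-usr sshd[17268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=hacker.domain.com user=root
Jan 16 13:47:23 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:25 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:47:28 www-usr sshd[17268]: Failed password for root from 10.1.1.1 port 33096 ssh2
Jan 16 13:48:02 www-usr sshd[17301]: Failed password for invalid user admin from 10.1.1.2 port 40112 ssh2
Jan 16 13:49:10 www-usr sshd[17320]: Accepted password for david from 10.1.1.3 port 51000 ssh2
"""

# "Failed password" entry. The user field is client-supplied text, so the
# pattern is anchored at end of line: the host is always taken from the
# trailing "from <host> port <n>" that sshd itself wrote.
FAILED_PASSWORD = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?"
    r"(?P<user>.*) from (?P<host>\S+) port \d+(?: ssh2)?$"
)
# PAM entry, which carries the remote host name in rhost=.
PAM_FAILURE = re.compile(
    r"sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure;"
    r".*\brhost=(?P<host>\S+)\s+user=(?P<user>\S+)"
)

def failed_logins(log_text):
    """Yield (user, host) for every failed SSH login entry in log_text."""
    for line in log_text.splitlines():
        match = FAILED_PASSWORD.search(line) or PAM_FAILURE.search(line)
        if match:
            yield match.group("user"), match.group("host")

def hosts_over_threshold(log_text, user="root", threshold=3):
    """Return {host: count} for hosts with >= threshold failures for user."""
    counts = Counter(h for u, h in failed_logins(log_text) if u == user)
    return {host: n for host, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    for user, host in failed_logins(SAMPLE_LOG):
        print(f"failed login: user={user} host={host}")
    print("over threshold:", hosts_over_threshold(SAMPLE_LOG))
```

The PAM line and the "Failed password" lines name the same client differently (host name versus address), so their counts are kept separate here.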