On 7/20/06, PATRICK CARTER <[EMAIL PROTECTED]> wrote:
I'm relatively ne to FreeBSD (~6 months of usage) and I have been administering my own system for approximately the last 2 months. Recently my system has received many ssh login attempts on standard user accounts as someone has been attempting to break into my system. I usually read the Security Run Output e-mails to see if the attacker(s) had made any headway, and took necessary precautions (limiting ssh logins etc). However, last week (after it seemed that the attacks had let up somewhat) I stopped receiving the e-mails (as well as the daily run output e-mails). I still read the auth.log file to see login information and it did not appear as though anyone had successfully managed to break into the system. Today the both sets of e-mails started again and I received the e-mails for today and yesterday (I am still missing 5 days worth and one weekly run output). I was wondering if anyone might know how to ensure that I continue to receive these e-mails without interrupti on. If it matters (and I suspect it does) I have all my root e-mails aliased to a locked, nologin dummy account that forwards e-mail to my account, my boss' account, and retains a copy in the dummy account (.forward was not working to forward root's mail). Root's mail client is set to read the dummy account inbox as well as anything that somehow winds up in the regular root mailbox. This setup worked fine until the e-mails stopped last week (none of the listed accounts received the e-mail). Any advice would be greatly appreciated. those script kiddies do let up sometimes you know :D , using brute force i
guess, as long as your user's passwords aren't dictionary words then you have nothing to worry. and also set the Allowusers directive allowing only admins. HTH _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"