<<On Mon, 03 Oct 2005 13:00:33 +0200, Clemens Renner <[EMAIL PROTECTED]> said:
> Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2 I modified my version of /etc/periodic/security/800.loginfail to filter out all the "illegal user" messages from sshd; otherwise I would be getting about 24,000 lines of crap a night in my security report (3,000 attempts per host times eight hosts). Since all of the machines I care about have very limited access, I don't lose anything by not overwhelming my security mail with unimportant failures. I also aggressively use AllowUsers/AllowGroups in sshd_config to limit exposure even more. (That way, I don't have to see all the failures for "www" and "pgsql" as well.) -GAWollman _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[EMAIL PROTECTED]"
