On Tuesday, 5 September 2006 00:38, Vladimir Strycek wrote:
> Jose Maria Alvarez Fernandez wrote:
> >On Monday, 4 September 2006 21:54, Vladimir Strycek wrote:
> >>Martins Steinbergs wrote:
> >>>On Monday 04 September 2006 21:49, Vladimir Strycek wrote:
> >>>>Peter Hoff wrote:
> >>>>>----- Original Message ----
> >>>>>From: Vladimir Strycek <[EMAIL PROTECTED]>
> >>>>>To: [email protected]
> >>>>>Sent: Monday, September 4, 2006 12:40:50 AM
> >>>>>Subject: Re: [gentoo-amd64] Something like deyhosts
> >>>>>
> >>>>>Peter Hoff wrote:
> >>>>>>----- Original Message ----
> >>>>>>From: Vladimir Strycek <[EMAIL PROTECTED]>
> >>>>>>To: [email protected]
> >>>>>>Sent: Sunday, September 3, 2006 9:32:05 PM
> >>>>>>Subject: [gentoo-amd64] Something like deyhosts
> >>>>>>
> >>>>>>
> >>>>>>Does anybody get something like denyhosts to run? As I am looking in
> >>>>>> the logs there are many bruteforce tries, which look really scary... I
> >>>>>> used denyhosts on Debian, where it works right out of the box... but not
> >>>>>> on Gentoo. I use syslog-ng as logger...
> >>>>>>--
> >>>>>>[email protected] mailing list
> >>>>>>
> >>>>>>
> >>>>>>Any reason you can't just put them in /etc/hosts.deny?
> >>>>>>
> >>>>>>If it's not there by default, create it.
> >>>>>
> >>>>>Yes I can, but when I noticed it they had already done 100 tries (logins).
> >>>>>denyhosts puts them there after 3 wrong logins and doesn't let them
> >>>>> continue the attack...
> >>>>>
> >>>>>
> >>>>>Have you emerged denyhosts?
> >>>>
> >>>>Yes I did, I spent 24 hours trying to get it to work, without any luck...
> >>>
> >>>here it works OK with syslog-ng, I would say, out of the box
> >>>
> >>>however, you could hint at what the problem is, probably someone could help
> >>>
> >>>m
> >>
> >>Problem is that it blocks automatically whatever IP appears in the log...
> >
> >That is why fail2ban exists...
> >
> >And it also works for other programs.
> >
> >Hope it helps!
>
> Hmm, fail2ban looks promising, could you please send me a config which
> works with syslog-ng?

It depends on your syslog-ng configuration (if you have multiple log files, or only a "messages" file). If you have something standard, you can uncomment all the lines related to the [ssh] section. You only have to change the ssh-port. But the config file is very well documented.

Hope it helps!

> Many thanks

--
[email protected] mailing list
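The behaviour discussed in this thread (deny a host after 3 failed logins, without banning every address that merely appears in the log), sketched as an added example that is not part of the original messages and is not DenyHosts or fail2ban code. The log lines are constructed, and the function names and the `allow` parameter are assumptions.

```python
import re
from collections import Counter

THRESHOLD = 3  # failed logins before a host is denied (the figure quoted in the thread)

# Count only sshd password failures. Anchoring at end of line with a greedy
# user field takes the address sshd itself appended, not text inside a username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
Sep  4 21:40:01 box sshd[4101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Sep  4 21:40:03 box sshd[4103]: Failed password for invalid user admin from 203.0.113.5 port 40130 ssh2
Sep  4 21:40:06 box sshd[4105]: Failed password for root from 203.0.113.5 port 40141 ssh2
Sep  4 21:41:10 box sshd[4110]: Failed password for invalid user test from 198.51.100.7 port 51200 ssh2
Sep  4 21:41:12 box sshd[4112]: Failed password for invalid user guest from 198.51.100.7 port 51207 ssh2
Sep  4 21:45:30 box sshd[4120]: Failed password for vlad from 192.0.2.10 port 33010 ssh2
Sep  4 21:45:36 box sshd[4120]: Accepted password for vlad from 192.0.2.10 port 33010 ssh2
"""


def hosts_to_deny(log_text, threshold=THRESHOLD, allow=()):
    """Return sorted addresses with at least `threshold` failed logins."""
    failures = Counter()
    for line in log_text.splitlines():
        match = FAILED.search(line.rstrip())
        if match and match.group(1) not in allow:
            failures[match.group(1)] += 1
    return sorted(ip for ip, count in failures.items() if count >= threshold)


def hosts_deny_lines(addresses):
    """Format addresses as tcp_wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip in addresses]


if __name__ == "__main__":
    # Only 203.0.113.5 reaches three failures; the user who mistyped once
    # and the host with two failures are left alone.
    for entry in hosts_deny_lines(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```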
