On Sun, Nov 20, 2005 at 05:20:38PM -0700, Gerard Beekmans wrote:
>
> Just wondering who else has been getting these.

Pretty much everyone. If you are just now getting them, count yourself
lucky. It's been going on for a long time.

Here's a suggestion:

    grep "Failed password for root" <logfile> | awk '{ print $11 }'
    grep "Failed password for invalid user" <logfile> | awk '{ print $13 }'

If you get more than, say, 3 of these from a given IP,

    echo "ALL: <IP>" >> /etc/hosts.deny

This assumes an sshd compiled with tcp-wrappers support, but that is
trivial to attain.

--
Archaic
Want control, education, and security from your operating system?
Hardened Linux From Scratch
http://www.linuxfromscratch.org/hlfs
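
The suggestion in the message above, carried through as an added example that is not part of the original post: it counts failed password attempts per source address and emits hosts.deny entries for addresses over the threshold. The function names (deny_candidates, apply_deny, sample_log) and the log lines are constructed for illustration, and it assumes sshd log lines that end in "from <IP> port <N> ssh2".

```shell
#!/bin/sh
# Added example, not from the original post.

# deny_candidates LOGFILE [THRESHOLD]: print "ALL: <IP>" for each address with
# more than THRESHOLD (default 3) failed root/invalid-user password attempts.
deny_candidates() {
    awk -v max="${2:-3}" '
        /sshd\[[0-9]+\]: Failed password for (root|invalid user .*) from / {
            # The line ends "from <IP> port <N> ssh2", so index from the end:
            # a user name containing spaces cannot shift the address field.
            ip = $(NF - 3)
            if ($(NF - 4) == "from" && ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                hits[ip]++
        }
        END { for (ip in hits) if (hits[ip] > max) print "ALL: " ip }
    ' "$1" | sort
}

# apply_deny LOGFILE DENYFILE [THRESHOLD]: append only entries not yet present,
# so repeated runs (e.g. from cron) do not duplicate lines.
apply_deny() {
    deny_candidates "$1" "${3:-3}" | while IFS= read -r entry; do
        grep -qxF -- "$entry" "$2" 2>/dev/null || printf '%s\n' "$entry" >> "$2"
    done
}

# Constructed sample log (documentation addresses, not real traffic).
sample_log() {
    for i in 1 2 3 4; do
        echo "Nov 20 17:0$i:01 host sshd[100$i]: Failed password for root from 192.0.2.10 port 4000$i ssh2"
    done
    for u in admin guest "test user" oracle; do
        echo "Nov 20 17:10:02 host sshd[2001]: Failed password for invalid user $u from 203.0.113.5 port 50001 ssh2"
    done
    echo "Nov 20 17:20:03 host sshd[3001]: Failed password for invalid user bob from 198.51.100.7 port 60001 ssh2"
    echo "Nov 20 17:21:03 host sshd[3002]: Accepted password for alice from 198.51.100.7 port 60002 ssh2"
}

# Demo: dry run against the sample; point apply_deny at /etc/hosts.deny to enforce.
log=$(mktemp) && sample_log > "$log" && deny_candidates "$log"
rm -f "$log"
```

Run deny_candidates alone first to review what would be blocked before letting apply_deny write to the deny file.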