On Fri, Dec 30, 2005 at 12:12:37AM -0500, George Nassas wrote:
> On 29-Dec-05, at 11:58 PM, Korey Fort wrote:
> >tracks log in attempts, if the
> >account/password is wrong a certain amount of times it will put it in
> >/etc/host.deny file and block them from attempting.
>
> That's a good idea in general but this particular fellow only tried a
> given login once. Basically root / root then mythtv / mythtv then frank
> / frank, etc...

You've missed the point. These types of packages don't look for multiple attempts at a single user name. They simply watch the auth logs and match failures to IPs. Once an IP has accumulated a certain number of failures within a specified time period, that IP address is temporarily added to a firewall table to block all further connections. In your case, root/root is the first failure, mythtv/mythtv is the second failure, etc.

I use fail2ban to do the same thing. It's highly configurable so you can adjust the rules to match almost any kind of log file.

-- 
Joke template: Three guys walk into a bar. One of them is a wee bit stupid, and the whole scene unfolds with a tedious inevitability.

_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
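
The per-IP counting described in the reply above, as an added example that is not part of the original thread and is not fail2ban's own code. The log lines are constructed (OpenSSH syslog format, documentation addresses), and the threshold, window and function names are assumptions chosen for illustration; the log is assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH's syslog format (documentation IPs).
SAMPLE_LOG = """\
Dec 30 00:10:01 myth sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 30 00:10:03 myth sshd[4103]: Failed password for invalid user mythtv from 203.0.113.7 port 40120 ssh2
Dec 30 00:10:05 myth sshd[4105]: Failed password for invalid user frank from 203.0.113.7 port 40131 ssh2
Dec 30 00:12:40 myth sshd[4110]: Failed password for george from 198.51.100.20 port 51514 ssh2
Dec 30 00:12:55 myth sshd[4112]: Accepted password for george from 198.51.100.20 port 51520 ssh2
Dec 30 00:40:00 myth sshd[4200]: Failed password for invalid user admin from 192.0.2.9 port 33000 ssh2
Dec 30 01:40:00 myth sshd[4300]: Failed password for invalid user test from 192.0.2.9 port 33001 ssh2
Dec 30 02:40:00 myth sshd[4400]: Failed password for invalid user guest from 192.0.2.9 port 33002 ssh2
"""

FAILURE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+"
)

def parse_failures(text, year=2005):
    """Yield (timestamp, user, ip) for each failed-password line."""
    for line in text.splitlines():
        m = FAILURE.match(line)
        if m:
            # syslog omits the year, so one is supplied (assumption)
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def find_offenders(text, max_failures=3, window=timedelta(minutes=10), per_user=False):
    """Return keys with max_failures failures inside the sliding window."""
    # per_user=True keys on (ip, user) to show what per-account counting misses
    recent = defaultdict(deque)
    offenders = set()
    for ts, user, ip in parse_failures(text):
        key = (ip, user) if per_user else ip
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:  # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            offenders.add(key)
    return offenders

if __name__ == "__main__":
    print("per-IP:", find_offenders(SAMPLE_LOG))
    print("per-(IP, user):", find_offenders(SAMPLE_LOG, per_user=True))
```

Keyed on the source IP, the client that tried root, mythtv and frank once each reaches the threshold; keyed on (IP, user) it never does, and the address with three failures an hour apart stays under the 10-minute window.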
