In the logs of DenyHosts it does list how many times a username was attempted. I haven't tried to configure it for blocking on username failures. It has a default block time of a year, so if you fail to log in within the specified login attempts, you're blocked for a year, or that can be configured. If you are really and truly paranoid of someone logging in as root or mythtv you can just stop them from logging in from ssh ( http://www.ssh.com/support/documentation/online/ssh/adminguide/32/Restricting_User_Logins.html ).

"Let ye without segmentation fault cast the first int!"
Korey Fort

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, December 30, 2005 4:40 AM
To: Discussion about mythtv
Subject: Re: [mythtv-users] ssh attack

On Fri, Dec 30, 2005 at 12:12:37AM -0500, George Nassas wrote:
> On 29-Dec-05, at 11:58 PM, Korey Fort wrote:
> >tracks log in attempts, if the
> >account/password is wrong a certain amount of times it will put it in
> >/etc/host.deny file and block them from attempting.
> That's a good idea in general but this particular fellow only tried a
> given login once. Basically root / root then mythtv / mythtv then frank
> / frank, etc...

You've missed the point. These types of packages don't look for multiple attempts at a single user name. They simply watch the auth logs and match failures to IPs. Once an IP has accumulated a certain number of failures within a specified time period, that IP address is temporarily added to a firewall table to block all further connections. In your case, root/root is the first failure, mythtv/mythtv is the second failure, etc.

I use fail2ban to do the same thing. It's highly configurable so you can adjust the rules to match almost any kind of log file.

-- 
Joke template: Three guys walk into a bar. One of them is a wee bit stupid, and the whole scene unfolds with a tedious inevitability.
_______________________________________________
mythtv-users mailing list
[email protected]
http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
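
The per-IP counting described in the quoted reply, as an added example that is not part of the original thread and is not DenyHosts or fail2ban code. The log lines are constructed, and the threshold, window, assumed year and function names are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH syslog format (documentation-range IPs).
SAMPLE_LOG = """\
Dec 30 00:01:02 mythbox sshd[4101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Dec 30 00:01:05 mythbox sshd[4103]: Failed password for mythtv from 203.0.113.7 port 40115 ssh2
Dec 30 00:01:09 mythbox sshd[4105]: Failed password for invalid user frank from 203.0.113.7 port 40119 ssh2
Dec 30 00:03:30 mythbox sshd[4110]: Failed password for mythtv from 198.51.100.20 port 51822 ssh2
Dec 30 00:03:41 mythbox sshd[4110]: Accepted password for mythtv from 198.51.100.20 port 51822 ssh2
Dec 30 00:20:00 mythbox sshd[4120]: Failed password for invalid user admin from 203.0.113.7 port 40200 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_offenders(log_text, max_failures=3, window=timedelta(minutes=10), year=2005):
    """Return {ip: time the threshold was reached}, counting failures per source IP."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    banned = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m or m["ip"] in banned:
            continue
        # Syslog timestamps carry no year, so one is assumed here.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # expire failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            banned[m["ip"]] = ts
    return banned

def per_user_counts(log_text):
    """Count failures per (ip, username) pair, for comparison with per-IP counting."""
    hits = (FAILED.match(line) for line in log_text.splitlines())
    return Counter((m["ip"], m["user"]) for m in hits if m)

if __name__ == "__main__":
    print("per-IP offenders:", find_offenders(SAMPLE_LOG))
    print("highest per-username count:", max(per_user_counts(SAMPLE_LOG).values()))
```

Keyed on (IP, username) the one-guess-per-account pattern never exceeds a count of 1, while keyed on IP alone it reaches the threshold on the third guess; the user who mistyped once and then logged in stays under it.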
