On Sun, Jul 16, 2006 at 12:24:57PM +0200, houghi wrote:
> Just do the following as root:
> grep sshd /var/log/messages |grep "Invalid user"| \
> awk '{print $NF}'|sort|uniq -c|sort -n
>
> As most people know, sshd attacks are very common. Also there are various
> tools out there that can be used to block these attacks.
>
> Would there be a possibility to have such a thing included in 10.2?
>
> Some scripts that are out there:
> http://www.csc.liv.ac.uk/~greg/sshdfilter/
> http://www.aczoom.com/cms/blockhosts
> http://www.securiteam.com/tools/5JP0520G0Q.html
> http://linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry
> http://denyhosts.sourceforge.net/
>
> And I am sure there are several more. I think it would help make SUSE a
> bit safer and clean up the logfiles rather nicely.
>
> It should be something that does not run with cron, as it is too slow to
> run only each minute.
If you are interested, I now use http://www.aczoom.com/cms/blockhosts as
it tests each and every time when a connection is made.
The only thing I needed to edit was to let it look at /var/log/messages
and three extra lines in /etc/hosts.allow
Strangely the RPM on the site gave an error about env not being available,
so I used the gzipped file.
--
From the day the male foetus' hands grow long enough to grasp at their 'third
leg', until the man in question is dead and buried, the penis is a constant
source of amusement and amazement to those of the male gender.
http://www.bbc.co.uk/dna/h2g2/A219061
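
An added example, not part of the original message or of any of the tools linked above: a variant of the quoted one-liner that takes the address after the last "from" instead of the last field, so it still counts per source when the log line ends in "port N" (as newer OpenSSH releases write it). The sample log lines, the function names and the threshold helper are constructed for illustration.

```shell
#!/bin/sh
# Count sshd "Invalid user" attempts per source address.
# Reads syslog lines on stdin; prints "<count> <address>", lowest count first.
count_invalid_users() {
    awk '
        /sshd/ && /Invalid user/ {
            # The user name is chosen by the remote side and may itself be
            # "from", so scan backwards and use the LAST "from" on the line.
            # This also skips a trailing "port N" that $NF would pick up.
            for (i = NF - 1; i >= 1; i--) {
                if ($i == "from") { hits[$(i + 1)]++; break }
            }
        }
        END { for (ip in hits) print hits[ip], ip }
    ' | sort -n
}

# Print only the addresses with at least $1 attempts (hypothetical helper).
offenders() {
    count_invalid_users | awk -v min="$1" '$1 >= min { print $2 }'
}

# Constructed sample lines (documentation addresses), old and new formats.
sample_log() {
cat <<'EOF'
Jul 16 12:00:01 host sshd[2101]: Invalid user admin from 192.0.2.10
Jul 16 12:00:03 host sshd[2102]: Invalid user test from 192.0.2.10
Jul 16 12:00:05 host sshd[2103]: Invalid user oracle from 192.0.2.10 port 40022
Jul 16 12:01:10 host sshd[2110]: Invalid user guest from 198.51.100.7 port 51514
Jul 16 12:02:00 host sshd[2120]: Accepted publickey for houghi from 203.0.113.5 port 50000 ssh2
Jul 16 12:03:00 host sshd[2130]: Invalid user from from 198.51.100.7
EOF
}

# Demo run on the constructed sample; on a real system feed the log instead:
#   count_invalid_users < /var/log/messages
sample_log | count_invalid_users
```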