On Monday 16 July 2007 18:00, joe wrote:
> Richard Creighton wrote:
> > Just about every day, often several times a day, my logs include hours
> > of log entries that look like this:
> >
> > Jul 16 00:35:25 raid5 sshd[6966]: Invalid user admin from 83.18.244.42
> > <snip>
> >
> > My question is what, if any firewall rule could I write that could
> > detect such attacks and automatically shut down forwarding packets from
> > the offending node or domain? That would give me an additional layer
> > of defense as well as freeing up a significant amount of log file space.
>
> I prefer a more simple approach. Rather than adding more firewall rules, I
> set the sshd allowed_users parameter to the 2 accounts that actually have a
> reason to log in, and I also limit the IP addresses which will accept an
> ssh connection using tcp wrappers (hosts.allow, hosts.deny).
>
> Joe

Hi Joe,

quote: "sshd allowed_users parameter to the 2 accounts"

in what file do you do that? Would that be an additional line in
/etc/ssh/sshd_config, 'cause I can't seem to find an empty line like that in
my system?

--
Med venlig hilsen/Best regards
Verner Kjærsgaard
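
An added example, not part of the original thread, of the setup Joe describes: in OpenSSH the directive is spelled AllowUsers, it lives in /etc/ssh/sshd_config, and it does not appear in the stock file, so it is added as a new line. The account names and the 192.0.2.0 network below are placeholders.

```conf
# --- /etc/ssh/sshd_config ---
# Only the listed accounts may log in over ssh; any other user name is
# refused even if it exists on the system. Placeholder account names.
AllowUsers alice bob
# Optional tighter form: also bind each account to a source host pattern.
#AllowUsers alice@192.0.2.* bob@192.0.2.*

# --- /etc/hosts.allow ---
# Consulted first; a match here grants the connection.
# Placeholder management network in net/mask form.
sshd: 192.0.2.0/255.255.255.0

# --- /etc/hosts.deny ---
# Consulted only when hosts.allow had no match; deny everyone else.
sshd: ALL

# After editing sshd_config, run `sshd -t` to check the syntax, then reload
# sshd while keeping an existing session open in case of a mistake.
```

The hosts.allow and hosts.deny entries only take effect when sshd is built with TCP wrappers (libwrap) support; upstream OpenSSH removed that support in release 6.7, so check the build in use.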
