Try the termlog port, do some minor source changes so it doesn't spam
the system logs. I use it to monitor shell server users, and works
wonders. Even have a shell script that creates directories according to
the current date, checks for operation not permitted and permission
denied, mails the
Bill Moran wrote:
I'd like to start logging everything that
happens during any ssh login (since all our work on these machines is
via ssh). I understand, and frequently use script(1), but I want this
to be required. I have two goals:
1) If someone manages to guess a password and break in, I
Alex Zbyslaw [EMAIL PROTECTED] wrote:
Bill Moran wrote:
I'd like to start logging everything that
happens during any ssh login (since all our work on these machines is
via ssh). I understand, and frequently use script(1), but I want this
to be required. I have two goals:
1) If someone
At 08:38 AM 6/19/2005, Bill Moran wrote:
I've been researching this, and so far haven't found a way to do what I
want to do.
I have servers here and there, that should only be accessible by a limited
number of administrators via ssh (i.e. mail and web servers, firewalls).
As an added security
Hi Bill,
Just as a side note, to help with people guessing a password, how about
having a script that monitors the auth.log file and when you get more than X
number of entries of username/password tries coming from one IP, it then
writes a firewall entry that blocks the IP. You could have a