I can't see this works very well considering some machines from outside may
be allowed to come in and others not..
easily done but using the
/etc/hosts.deny
---------------
ALL: ALL : spawn (/bin/securescript %n %a %d)
/bin/securescript
-----------------
echo Non authorised access to $3 from $2 | logger -p local0.notice -t
Security
echo "`date +%d/%m/%y` : $3 - $2 $1" >>/var/log/securityattempt.log
This will create a Security process log in your messages file and also log
the details in you /var/log/securityattempt.log file
easy.
thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint : 43DC 92AC 1A82 27B2 E97B 52F1 B60F 301A 38A9
A10C
PGP KeyID: 0x38A9A10C
-----Original Message-----
From: Jeff Waugh [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 14, 2000 11:21 AM
To: [EMAIL PROTECTED]
Subject: Re: [SLUG] Simple tool to monitor remote scans/probs
> Matt wrote:
>
> if anyone has been scanning my ports, trying ports,
> trying to telnet in etc.
... and so much more (for use in combination with your usual ipchains and
system logging):
http://freshmeat.net/projects/snort/
- Jeff
-- [EMAIL PROTECTED] ------------------------------- http://linux.conf.au/ --
Ye shall be cursed to fall in love so easily, and yet be so
cold of heart as never to express it.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
