Hi All,

I am wanting to get some opinions on the best way to handle intrusive logon attempts. I know that 'Authentication' problems are stored in /var/log/messages; are there any tools that can report on failed logon attempts? I thought of writing a script to analyse the log file and email me if the logon attempts for a particular user exceed a limit I have set. Is this a good idea?
I've heard about PAM and being able to tally up the logon attempts using mod_tally, but does anyone know of any good doco about how to set this up for newbies 8-)? I still find PAM confusing....

I've also heard about 'Snort', which can sniff the packets in real time and perform actions based on rules I have set. Is Snort suitable to run on a productive box (does it take much CPU?) or should it run on a standalone box?

I am relatively new to Linux so I would appreciate any help or guidance.

Thanks for your time,

Regards
Anthony Gray

--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
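
The script idea raised in the post above (count failed logons per user and mail an alert once a limit is exceeded), as an added example that is not part of the original message. It assumes OpenSSH and pam_unix style syslog lines, which the post does not show; the sample log, the function names and the example.org addresses are constructed for illustration.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines in syslog style; not taken from the original post.
SAMPLE_LOG = """\
Mar  3 10:01:11 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 4022 ssh2
Mar  3 10:01:15 host1 sshd[2101]: Failed password for root from 192.0.2.10 port 4023 ssh2
Mar  3 10:01:19 host1 sshd[2104]: Failed password for invalid user test from 192.0.2.10 port 4031 ssh2
Mar  3 10:02:40 host1 sshd[2110]: Accepted password for anthony from 198.51.100.7 port 5120 ssh2
Mar  3 10:03:02 host1 login[2120]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=  user=anthony
Mar  3 10:03:30 host1 sshd[2125]: Failed password for root from 203.0.113.5 port 6001 ssh2
"""

# Assumed message formats: sshd password failures and pam_unix auth failures.
PATTERNS = [
    re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from"),
    re.compile(r"authentication failure;.*\buser=(?P<user>\S+)"),  # \b skips ruser=
]

def count_failures(lines):
    """Return a Counter of failed logon attempts keyed by target user name."""
    counts = Counter()
    for line in lines:
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                counts[m.group("user")] += 1
                break
    return counts

def over_limit(counts, limit):
    """Users whose failure count exceeds the limit."""
    return {u: n for u, n in counts.items() if n > limit}

def build_alert(offenders, limit, to_addr="admin@example.org"):
    """Build (not send) the alert mail; hand it to smtplib or sendmail to deliver."""
    msg = EmailMessage()
    msg["Subject"] = f"Failed logons over limit ({limit})"
    msg["To"] = to_addr
    msg["From"] = "logwatch@example.org"
    msg.set_content("\n".join(f"{u}: {n} failed attempts"
                              for u, n in sorted(offenders.items())))
    return msg

if __name__ == "__main__":
    offenders = over_limit(count_failures(SAMPLE_LOG.splitlines()), limit=2)
    if offenders:
        print(build_alert(offenders, limit=2))
```

The user name in these lines is supplied by whoever is connecting, so treat it as untrusted text when it ends up in mail or reports.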