On Thu, 19 Sep 2002, Anthony Gray wrote:

> Hi All,
>
> I am wanting to get some opinions on the best way to handle intrusive logon
> attempts. I know that 'Authentication' problems are stored in
> /var/log/messages, are there any tools that can report on failed logon
> attempts? I thought of writing a script to analyse the log file and email
> me if the logon attempts for a particular user exceed a limit I have set.
> Is this a good idea?

Also look at /var/log/secure

> I've heard about PAM and being able to tally up the logon attempts using
> mod_tally, but does anyone know of any good doco about how to set this up
> for newbies 8-)? I still find PAM confusing....
>
> I've also heard about 'Snort' - can sniff the packets in realtime and
> perform actions based on rules I have set. Is snort suitable to run on a
> productive box (does it take much cpu?) or should it run on a standalone
> box?

Snort will monitor for rlogin, rsh and telnet attempts, but is more an
Intrusion Detection System

> I am relatively new to linux so I would appreciate any help or guidance.

If you want "real time" monitoring you might want to look at swatch.

> Thanks for your time,
>
> Regards
> Anthony Gray

--
Howard.
LANNet Computing Associates - Your Linux people
Contact detail at http://www.lannetlinux.com
"Flatter government, not fatter government." - me
Get rid of the Australian states.
--
SLUG - Sydney Linux User's Group - http://slug.org.au/
More Info: http://lists.slug.org.au/listinfo/slug
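
An added example, not part of the original thread: the log-analysis script the question describes, counting failed logons per user and reporting those over a limit. The log lines are constructed, and the two message patterns are assumptions about what sshd and PAM write to /var/log/secure; check them against your own logs.

```python
import re
from collections import Counter

# Constructed sample lines in the style of /var/log/secure (not from a real host).
SAMPLE_LOG = """\
Sep 19 10:01:02 box sshd[411]: Failed password for root from 192.0.2.10 port 4021 ssh2
Sep 19 10:01:05 box sshd[411]: Failed password for root from 192.0.2.10 port 4022 ssh2
Sep 19 10:01:09 box sshd[412]: Failed password for invalid user admin from 192.0.2.10 port 4023 ssh2
Sep 19 10:02:11 box login(pam_unix)[530]: authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=  user=root
Sep 19 10:03:40 box sshd[415]: Accepted password for anthony from 198.51.100.7 port 5010 ssh2
Sep 19 10:04:00 box sshd[416]: Failed password for anthony from 198.51.100.7 port 5011 ssh2
"""

# Assumed message shapes; adjust to what your sshd/PAM version actually logs.
# The captured user name is supplied by the remote side, so treat it as data only.
PATTERNS = [
    re.compile(r"Failed password for (?:invalid user |illegal user )?(?P<user>\S+) from"),
    re.compile(r"authentication failure;.*\buser=(?P<user>\S+)"),
]

def count_failures(lines):
    """Return a Counter of failed logon attempts keyed by user name."""
    counts = Counter()
    for line in lines:
        for pat in PATTERNS:
            m = pat.search(line)
            if m:
                counts[m.group("user")] += 1
                break  # one line counts once, even if both patterns could match
    return counts

def over_limit(lines, limit):
    """Users whose failure count exceeds `limit`, as a sorted list of (user, count)."""
    return sorted((u, n) for u, n in count_failures(lines).items() if n > limit)

def report(lines, limit):
    """Build the body of an alert mail, or None when nobody exceeds the limit."""
    hits = over_limit(lines, limit)
    if not hits:
        return None
    return "\n".join(f"{u}: {n} failed logon attempts (limit {limit})" for u, n in hits)

if __name__ == "__main__":
    body = report(SAMPLE_LOG.splitlines(), limit=2)
    if body:
        print(body)  # from cron, pipe this output to mail(1) to get the e-mail alert
```

Successful logons ("Accepted password") are ignored, and failures for the same user from sshd and from a console login are added together, which is what a per-user limit needs.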
