| 1 |
On Sun, Nov 07, 2004 at 02:50:42PM +0100, aScii wrote: |
| 2 |
> On Sun, 7 Nov 2004 07:10:21 -0600 |
| 3 |
> "Brian G. Peterson" <brian@×××××××××.com> wrote: |
| 4 |
> |
| 5 |
> > Can anyone help me out with a simple log scanning script that could detect the |
| 6 |
> > 'illegal user xxx' strings in /var/log/secure and issue the |
| 7 |
> > "/sbin/iptables -I INPUT -s 221.232.128.2 -j DROP" command to shut these |
| 8 |
> > addresses down. |
| 9 |
> |
| 10 |
|
| 11 |
Why not use ssh-keys only (with passphrase min 30 chars long) and maybe block everything on port 22 except from a trusted host (Somewhere you trust and where they update their ssh) |
| 12 |
|
| 13 |
my 2 cents |
| 14 |
|
| 15 |
/Kim |
Archives