On Sun, 7 Nov 2004 07:10:21 -0600
"Brian G. Peterson" <brian@×××××××××.com> wrote:

> Can anyone help me out with a simple log scanning script that could detect the
> 'illegal user xxx' strings in /var/log/secure and issue the
> "/sbin/iptables -I INPUT -s 221.232.128.2 -j DROP" command to shut these
> addresses down.

you should put ssh on another port, if you are paranoid you can
use port knocking to remove the drop on sshd for your ip

on the port 22 you can put portsentry in stcp/sudp or simply
tcp/udp (consider also atcp and audp) and run the kill command
(eg: iptables drop) instead of editing hosts.deny (sshd implements its
own tcp wrapper and doesn't use tcpd and hosts files)

--
Francesco 'aScii' Ongaro
mail [ascii@×××.it] [ascii@××××××××.com]
http [www.ush.it] [www.ush.it/team/ascii] [ascii.ush.it]
machines [asciinb.zapto.org] [asciistation.zapto.org]

--
gentoo-security@g.o mailing list
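
The log-scanning approach asked about in the quoted question, as an added example that is not code from either poster: it counts sshd unknown-user lines per source address and builds the iptables command quoted above for repeat offenders. The function names, the threshold, the allowlist and the exact sshd message formats matched ("Illegal user", and the "Invalid user" wording of later OpenSSH releases) are assumptions, and the sample log lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# The user name is chosen by the remote side and may itself contain
# " from <address>", so the match is anchored at the end of the line and the
# greedy ".*" makes the last " from " (the one sshd wrote) win.
ILLEGAL_USER = re.compile(
    r"sshd\[\d+\]: (?:Failed password for )?(?:illegal|invalid) user .* from "
    r"(\S+?)(?: port \d+(?: ssh2)?)?\s*$",
    re.IGNORECASE,
)

def offending_ips(lines, threshold=3, allowlist=()):
    """Addresses with at least `threshold` unknown-user attempts, sorted."""
    allowed = [ipaddress.ip_network(net) for net in allowlist]
    hits = Counter()
    for line in lines:
        m = ILLEGAL_USER.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or junk: never hand it to iptables
        if any(ip in net for net in allowed):
            continue  # never lock out our own management addresses
        hits[ip] += 1
    return sorted(str(ip) for ip, n in hits.items() if n >= threshold)

def drop_commands(ips):
    """argv lists for the rule quoted in the thread; no shell is involved."""
    return [["/sbin/iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in ips]

# Constructed sample lines using documentation address ranges, not real logs.
SAMPLE = """\
Nov  7 06:10:01 host sshd[4101]: Illegal user test from 203.0.113.7
Nov  7 06:10:03 host sshd[4103]: Illegal user guest from 203.0.113.7
Nov  7 06:10:05 host sshd[4105]: Illegal user admin from 203.0.113.7
Nov  7 06:11:00 host sshd[4110]: Failed password for illegal user a from 198.51.100.9 port 4711 ssh2
Nov  7 06:11:02 host sshd[4112]: Failed password for illegal user b from 198.51.100.9 port 4712 ssh2
Nov  7 06:11:04 host sshd[4114]: Illegal user x from 192.0.2.10 from 198.51.100.9
Nov  7 06:12:00 host sshd[4120]: Illegal user guest from host.example.net
Nov  7 06:13:00 host sshd[4130]: Accepted password for brian from 203.0.113.7 port 4800 ssh2
""".splitlines()

if __name__ == "__main__":
    for argv in drop_commands(offending_ips(SAMPLE)):
        print(" ".join(argv))
```

The script only prints the commands; running them needs root and is left to the caller, for example by passing each argv list to `subprocess.run`.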