| 1 |
On Sun, 7 Nov 2004 07:10:21 -0600 |
| 2 |
"Brian G. Peterson" <brian@×××××××××.com> wrote: |
| 3 |
|
| 4 |
> Can anyone help me out with a simple log scanning script that could detect the |
| 5 |
> 'illegal user xxx' strings in /var/log/secure and issue the |
| 6 |
> "/sbin/iptables -I INPUT -s 221.232.128.2 -j DROP" command to shut these |
| 7 |
> addresses down. |
| 8 |
|
| 9 |
you should put ssh on an other port, if you are paranoid you can |
| 10 |
use port knocking to remove the drop on sshd for your ip |
| 11 |
|
| 12 |
on the port 22 you can put portsentry in stcp/sudp or simply |
| 13 |
tcp/udp (consider also atcp and audp) and run the kill command |
| 14 |
(eg: iptables drop) instead editing hosts.deny (sshd implements it's |
| 15 |
own tcp wrapper and doesn't use tcpd and hosts files) |
| 16 |
|
| 17 |
-- |
| 18 |
Francesco 'aScii' Ongaro |
| 19 |
mail [ascii@×××.it] [ascii@××××××××.com] |
| 20 |
http [www.ush.it] [www.ush.it/team/ascii] [ascii.ush.it] |
| 21 |
machines [asciinb.zapto.org] [asciistation.zapto.org] |
| 22 |
|
| 23 |
|
| 24 |
-- |
| 25 |
gentoo-security@g.o mailing list |
Archives