MORE SSH Hacking: heads-up

Dave Rinker drinker at dsrtech.com
Tue Aug 10 04:30:12 UTC 2004


I agree with both comments but recommend that you disable the ability of
root to log in at all. Users can always su to root.

Howto here: (Fedora is /etc/ssh/sshd_config)

http://www.karkomaonline.com/article.php?story=20030803200809356




On Mon, 2004-08-09 at 11:06, Alexander Dalloz wrote:
> On Mon, 09.08.2004, Dave Rinker wrote at 7:06:
> 
> > For those not familiar with swatch you can get it here:
> > http://swatch.sourceforge.net/
> > Make sure you get 3.0.8 because "exec" was not working for me in the
> > newer versions.
> 
> > #start
> >  
> > watchfor /sshd.*: Failed password for root from/
> >         mail=myaddress,subject=Root_Login_Attempt
> >         exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp --dport 22 -j DROP
> >  
> > watchfor /sshd.*: Illegal user/
> >         mail=myaddress,subject=Illegal_user_attempt
> >         exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp --dport 22 -j DROP
> >  
> > #end
> 
> swatch is certainly a nice tool to automatically observe logfiles and
> react on specific occasions. See i.e.
> 
> http://www.fedoranews.org/ghenry/swatch/
> 
> Short comment on above example by Dave: be careful to not exclude
> yourself from access on a remote system! This is easily done with above
> code: first case - you mistype your root's password; second case - you
> mistype your username.
> 
> Alexander
> 
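
The lockout caveat in the quoted reply can be handled by pointing swatch's exec at a small wrapper that skips allowlisted admin addresses and checks that the field it receives is really an IPv4 address before the DROP rule is inserted. This is an added example, not code from the thread; the script path, the ALLOWLIST addresses and the DRY_RUN switch are assumptions.

```sh
#!/bin/sh
# Added example: wrapper for swatch's "exec" action (not from the original thread).
# Hypothetical swatch usage:  exec /usr/local/sbin/ssh-block $11
# ALLOWLIST holds constructed documentation addresses; replace with your own.
ALLOWLIST="${ALLOWLIST:-192.0.2.10 198.51.100.7}"

# Succeeds only for a dotted quad whose four octets are each 0-255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Prints the action for one log field: invalid, allowlisted or block.
decide() {
    is_ipv4 "$1" || { echo invalid; return 0; }
    for ok in $ALLOWLIST; do
        [ "$1" = "$ok" ] && { echo allowlisted; return 0; }
    done
    echo block
}

# Inserts the DROP rule from the post once per address; DRY_RUN=1 only prints it.
block_ip() {
    ip=$1
    [ "$(decide "$ip")" = block ] || return 0
    rule="INPUT -i eth0 -s $ip -d 0/0 -p tcp --dport 22 -j DROP"
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "iptables -I $rule"; return 0; fi
    # -C tests for an identical rule, so repeated log lines add it only once.
    /sbin/iptables -C $rule 2>/dev/null || /sbin/iptables -I $rule
}

if [ $# -gt 0 ]; then block_ip "$1"; fi
```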