How should I react to break in attempts
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Fri Apr 8 14:35:28 UTC 2005
Arthur Pemberton wrote:
> I'm gettign mail from logwatch as to the following:
>
> root (en201247.uac63.hknet.com): 3 Time(s)
>
>
> What's my best plan of action to respond to such? Yes I root logins
> via sshd disabled.
>
> Thanks for the advice.
Do you have a firewall on that machine? If you have , simply make a rule
blocking ssh access just to a few machines, specially if the machine in
question is a server...
I used to so something like that on the servers I managed. To access the
servers using SSH , you had to be in one machine that was on the admin
subnet.
--
Pedro Macedo
More information about the fedora-list
mailing list