How should I react to break in attempts

Pedro Fernandes Macedo webmaster at margo.bijoux.nom.br
Fri Apr 8 14:35:28 UTC 2005


Arthur Pemberton wrote:

> I'm gettign mail from logwatch as to the following:
>
> root (en201247.uac63.hknet.com): 3 Time(s)
>
>
> What's my best plan of action to respond to such? Yes I root logins 
> via sshd disabled.
>
> Thanks for the advice.

Do you have a firewall on that machine? If you have , simply make a rule 
blocking ssh access just to a few machines, specially if the machine in 
question is a server...
I used to so something like that on the servers I managed. To access the 
servers using SSH , you had to be in one machine that was on the admin 
subnet.

--
Pedro Macedo




More information about the fedora-list mailing list