[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: How should I react to break in attempts



You might look at this tool to help you with this issue:

http://denyhosts.sourceforge.net/

I haven't tried it myself yet, but after all the ssh attempts i've
been seeing in my daily emails I intend to.

Steve


On Apr 8, 2005 3:14 PM, Thomas Cameron <thomas cameron camerontech com> wrote:
> ----- Original Message -----
> From: "Arthur Pemberton" <dalive flashmail com>
> To: "For users of Fedora Core releases" <fedora-list redhat com>
> Sent: Friday, April 08, 2005 9:25 AM
> Subject: How should I react to break in attempts
> 
> > I'm gettign mail from logwatch as to the following:
> >
> > root (en201247.uac63.hknet.com): 3 Time(s)
> >
> >
> > What's my best plan of action to respond to such? Yes I root logins via
> > sshd disabled.
> >
> > Thanks for the advice.
> 
> Since you have remote root access disabled, the only other thing you can do
> is to just make sure that everyone uses strong passwords on the machine.
> You can also limit users who can su to root following the instructions at
> http://www.faqs.org/docs/securing/chap5sec43.html.
> 
> That way even if they do break in as user joe, if joe is not a part of the
> wheel group he can never brute force or dictionary attack the root account.
> 
> Thomas
> 
> --
> fedora-list mailing list
> fedora-list redhat com
> To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]