SSH monitoring
Neil Cherry
ncherry at comcast.net
Mon Sep 5 15:55:50 UTC 2005
CHAT KHODA wrote:
> Dear friends,
> I wish to:
>
> 1- Monitor all of the connections(or tries) to my SSH
> port including the source IP address.
#!/bin/sh
# Helper functions; ${1} is the source network in CIDR notation.
permit() {
    # I want to log just the startup of the conversation (SYN only)
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 --syn -j LOG \
        --log-level info --log-prefix "iptables permit: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j ACCEPT
}
# Deny these sites access to my machine
deny() {
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j LOG \
        --log-level alert --log-prefix "iptables deny: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j DROP
}
# =[ Flush the tables completely ]============================================
/sbin/iptables -F
# =[ Permit list ]============================================================
# Rules are appended in order, so the permit entries must come before the
# catch-all deny below.
#permit 127.0.0.0/8 # Local stuff
permit 10.0.0.0/8 # Local stuff
permit 172.16.0.0/12 # Local stuff
permit 192.168.0.0/16 # Local stuff
# =[ Deny list ]==============================================================
deny 0.0.0.0/0 # Deny everyone else
The logging part is probably what you want most but the above may
prove to be useful.
> 2- Limit the number of unsuccessful attempts to login
> to just two attempts per session.
Take a look at pam_abl ( http://www.hexten.net/pam_abl/ ). Now that
I use the above I've had no incidents of needing pam_abl. That doesn't
mean I won't.
--
Linux Home Automation Neil Cherry ncherry at comcast.net
http://home.comcast.net/~ncherry/ (Text only)
http://hcs.sourceforge.net/ (HCS II)
http://linuxha.blogspot.com/ My HA Blog
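Added example (not part of Neil's post): once the permit/deny rules above are in place, the "iptables permit: " and "iptables deny: " prefixes land in the kernel log, and the monitoring half of question 1 is reduced to parsing those lines. The script below assumes the standard field layout of the iptables LOG target (SRC=, DPT=, PROTO=, bare SYN/ACK flag tokens) and works on a constructed syslog excerpt; it counts distinct SSH connection attempts per source IP and verdict, collapsing retransmitted SYNs from the same source port so a dropped client that retries is not counted several times.

```python
"""Summarise SSH connection attempts from iptables LOG lines (added example)."""
import re
from collections import defaultdict

# Constructed sample syslog lines (not real traffic) in the shape the kernel
# LOG target emits for the permit()/deny() rules above. Lines 2 and 3 are a
# retransmitted SYN from the same source port after the first one was dropped.
SAMPLE_LOG = """\
Sep  5 15:40:01 gw kernel: iptables permit: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1001 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  5 15:41:12 gw kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2001 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  5 15:41:13 gw kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2002 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  5 15:41:15 gw kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=2003 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  5 15:41:16 gw kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.5 DST=198.51.100.7 LEN=40 TOS=0x00 PREC=0x00 TTL=52 ID=2004 DF PROTO=TCP SPT=40002 DPT=22 WINDOW=5840 RES=0x00 ACK URGP=0
Sep  5 15:43:30 gw kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=198.51.100.200 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3001 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  5 15:44:00 gw kernel: eth0: link up
"""

# Syslog timestamp, host, then the --log-prefix strings used in the script.
LINE_RE = re.compile(
    r"^(?P<month>\w{3})\s+(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) kernel: iptables (?P<verdict>permit|deny): (?P<fields>.*)$"
)
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for an iptables permit/deny log line, else None."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    fields = m.group("fields")
    kv = dict(KV_RE.findall(fields))
    # Bare tokens such as DF, SYN, ACK carry no '=' in LOG output.
    flags = {tok for tok in fields.split() if "=" not in tok}
    return {
        "time": f"{m.group('month')} {m.group('day')} {m.group('time')}",
        "verdict": m.group("verdict"),
        "src": kv.get("SRC"),
        "proto": kv.get("PROTO"),
        "spt": int(kv["SPT"]) if kv.get("SPT", "").isdigit() else None,
        "dpt": int(kv["DPT"]) if kv.get("DPT", "").isdigit() else None,
        "flags": flags,
    }


def summarize(lines, port=22):
    """Per source IP: number of distinct connection attempts by verdict.

    Only TCP SYN (not SYN-ACK) packets to `port` count, and SYNs that share a
    source port are one attempt, so retransmits after a DROP are not inflated.
    """
    attempts = defaultdict(lambda: defaultdict(set))
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["dpt"] != port:
            continue
        if "SYN" not in rec["flags"] or "ACK" in rec["flags"]:
            continue
        attempts[rec["src"]][rec["verdict"]].add(rec["spt"])
    return {src: {v: len(spts) for v, spts in by_verdict.items()}
            for src, by_verdict in attempts.items()}


def repeat_offenders(summary, threshold=2):
    """Sources with at least `threshold` denied connection attempts."""
    return sorted(src for src, counts in summary.items()
                  if counts.get("deny", 0) >= threshold)


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG.splitlines())
    for src, counts in sorted(summary.items()):
        print(f"{src:16} {counts}")
    print("repeat offenders:", repeat_offenders(summary))
```

On a live box, feed it `journalctl -k` or the relevant syslog file instead of SAMPLE_LOG; because the deny rule logs every packet rather than just SYNs, the SYN/ACK filtering in summarize() is what keeps the counts meaningful.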