How to display IP of ssh user in message?
Smith, Albert
Albert.Smith at genexservices.com
Wed Apr 27 18:17:52 UTC 2005
If they are never able to successfully log in then it won't matter if you
display it in a banner page, as they already know that IP addresses are
logged in the btmp and the wtmp logs.
Here are things to do from a liability standpoint:
1 - Have a warning banner enabled at login. It is very easy to do and I
have attached one. Just put it in /etc, name it issue, and make sure it
has permission 444 set.
2 - Make sure /var/log/btmp exists; if not, create the file. Whenever a
failed attempt happens, whether by local, ssh or whatever connection, just
do a lastb and it logs it by id, IP address and date/time.
3 - Continue to call theplanet.com on the number listed on their website;
if they fail to respond, I would contact your local police if you believe
this to be a hacker attempt.
Albert Smith
Sr. Unix Systems Administrator
HPCSA, RHCT
Genex Services
440 E. Swedesford Rd.
Wayne, PA 19087
albert.smith at genexservices.com
(610) 964-5154
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Burke, Thomas G.
> Sent: Wednesday, April 27, 2005 11:39 AM
> To: golharam at umdnj.edu; General Red Hat Linux discussion list
> Subject: RE: How to display IP of ssh user in message?
>
> Probably won't matter, as most of them are scripts...
>
> -Tom
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [mailto:redhat-list-bounces at redhat.com]On Behalf Of Ryan Golhar
> Sent: Friday, April 15, 2005 11:28 AM
> To: Burke, Thomas G.; 'General Red Hat Linux discussion list'
> Subject: RE: How to display IP of ssh user in message?
>
>
>
> My message might have been a bit confusing. When a user logs
> in via ssh, a message can be displayed. I forget what file
> this is in. I want to add their IP address to the message so
> they know that we know where they are coming from...
>
>
>
> -----Original Message-----
> From: Burke, Thomas G. [ mailto:tg.burke at ngc.com]
> Sent: Friday, April 15, 2005 11:15 AM
> To: golharam at umdnj.edu; General Red Hat Linux discussion list
> Subject: RE: How to display IP of ssh user in message?
>
>
>
> This data shows up in one of the other logs - not sure which off the top
> of my head, tho.
>
> -Tom
>
> -----Original Message-----
> From: redhat-list-bounces at redhat.com
> [ mailto:redhat-list-bounces at redhat.com]On Behalf Of Ryan Golhar
> Sent: Friday, April 15, 2005 11:02 AM
> To: 'General Red Hat Linux discussion list'
> Subject: How to display IP of ssh user in message?
>
>
>
> Hi all,
>
> I notice in our logs that we get a large amount of failed attempts to
> log in. Short of blocking these domains using iptables, I was wondering
> if there is a way to display the IP address of the user logging in, in a
> message so they know we have their IP address?
>
> sshd:
> Invalid Users:
> Unknown Account: 602 Time(s)
> Authentication Failures:
> xfs (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
> root (nitrogen.umdnj.edu ): 1 Time(s)
> root (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
> unknown (138.67-18-71.reverse.theplanet.com ): 595 Time(s)
> unknown (218.153.147.92 ): 6 Time(s)
> daemon (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
> root (218.153.147.92 ): 3 Time(s)
> rpc (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
> unknown (10.136.16.244 ): 1 Time(s)
> smmsp (138.67-18-71.reverse.theplanet.com ): 1 Time(s)
>
>
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
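An added example, not part of the original thread: a shell sketch that checks the banner and btmp settings from steps 1 and 2 of the reply and groups `lastb`-style records by source address. The function names are hypothetical and the sample records are constructed, using documentation address ranges.

```shell
#!/bin/sh
# Added example (not from the thread). Paths are parameters so the checks can
# be tried on copies; on a live host pass /etc/issue and /var/log/btmp.

# check_login_audit BANNER BTMP: prints one finding per line, returns 1 if any.
check_login_audit() {
    banner=$1 btmp=$2 rc=0
    if [ ! -s "$banner" ]; then
        echo "banner missing or empty: $banner"; rc=1
    elif [ -z "$(find "$banner" -perm 444 2>/dev/null)" ]; then
        echo "banner mode is not 444: $banner"; rc=1
    fi
    if [ ! -e "$btmp" ]; then
        echo "btmp missing, failed logins are not recorded: $btmp"; rc=1
    fi
    return $rc
}

# summarize_lastb: reads lastb-style lines on stdin (user, line, source, date)
# and prints "count source users", busiest source first.
summarize_lastb() {
    awk '
        NF < 3 || $1 == "btmp" { next }   # skip blanks and the "btmp begins" trailer
        {
            n[$3]++
            if (!seen[$3, $1]++) users[$3] = users[$3] (users[$3] ? "," : "") $1
        }
        END { for (s in n) print n[s], s, users[s] }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample in lastb's column layout (not real log data).
SAMPLE='root     ssh:notty    203.0.113.7      Wed Apr 27 11:02 - 11:02  (00:00)
xfs      ssh:notty    203.0.113.7      Wed Apr 27 11:02 - 11:02  (00:00)
root     ssh:notty    203.0.113.7      Wed Apr 27 11:01 - 11:01  (00:00)
daemon   ssh:notty    198.51.100.20    Wed Apr 27 10:58 - 10:58  (00:00)

btmp begins Wed Apr 27 10:58:00 2005'

printf '%s\n' "$SAMPLE" | summarize_lastb
```

On a live system the input would come from `lastb | summarize_lastb`, run as root. For SSH logins, a banner file is shown before authentication only if the `Banner` directive in sshd_config points to it.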