stephen mulcahy wrote:
Joe Landman wrote:
Use pam_abl. Really. Even if the password were weak, and they
guessed it on the 57th try, pam_abl will stop the login. Read the
manual. Adjust the config settings.
Our ssh logs are scary, have been for a while. They aren't the
scariest of our logs.
DenyHosts works on a similar principle -
http://denyhosts.sourceforge.net/ although pam_abl's pretending to
accept logins even when the attacker has been blacklisted sounds
downright sneaky!
Yup!
I wrote a tool called "danger" that parses the ssh logs, the
/etc/hosts.deny logs, and makes ... recommondations about what to add.
Based upon who has been attacking you. This pre-dated denyhosts by a
bit. I still run it, and it gives me a nightly summary of the bad guys.
Could make for an interesting Monday morning pre-coffee login session
though - as you wonder why your initially mistyped password still isn't
working after 50 login attempts :)
Yuppers. Had that happen once. Learned to get coffee before doing
anything important.
Even paranoids have enemies.
or "I've only been paranoid since they started watching me"?
-stephen
--
Joseph Landman, Ph.D
Founder and CEO
Scalable Informatics LLC,
email: [EMAIL PROTECTED]
web : http://www.scalableinformatics.com
http://jackrabbit.scalableinformatics.com
phone: +1 734 786 8423
fax : +1 866 888 3112
cell : +1 734 612 4615
_______________________________________________
Beowulf mailing list, Beowulf@beowulf.org
To change your subscription (digest mode or unsubscribe) visit
http://www.beowulf.org/mailman/listinfo/beowulf
