Am Mo, den 09.08.2004 schrieb Dave Rinker um 7:06:
For those not familiar with swatch you can get it here:
http://swatch.sourceforge.net/
Make sure you get 3.0.8 because "exec" was not working for me in the
newer versions.
#start
watchfor /sshd.*: Failed password for root from/
mail=myaddress,subject=Root_Login_Attempt
exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp
--dport 22 -j DROP
watchfor /sshd.*: Illegal user/
mail=myaddress,subject=Illegal_user_attempt
exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp
--dport 22 -j DROP
#end
swatch is certainly a nice tool to automatically observe logfiles and
react on specific occasions. See i.e.
http://www.fedoranews.org/ghenry/swatch/
Short comment on above example by Dave: be careful to not exclude
yourself from access on a remote system! This is easily done with above
code: first case - you mistype your root's password; second case - you
mistype your username.
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp
Serendipity 17:00:50 up 5 days, 10:28, load average: 0.22, 0.21, 0.18