Steven Joerger wrote:
> You might look at this tool to help you with this issue:
>
>
http://denyhosts.sourceforge.net/
>
> I haven't tried it myself yet, but after all the ssh attempts i've
> been seeing in my daily emails I intend to.
>
> Steve
>
>
This looks very very cool, I'll be tring it tonight.
>
> On Apr 8, 2005 3:14 PM, Thomas Cameron
> <thomas.cameron(a)camerontech.com> wrote:
>
>
>> ----- Original Message -----
>> From: "Arthur Pemberton" <dalive(a)flashmail.com>
>> To: "For users of Fedora Core releases" <fedora-list(a)redhat.com>
>> Sent: Friday, April 08, 2005 9:25 AM
>> Subject: How should I react to break in attempts
>>
>>
>>
>>> I'm gettign mail from logwatch as to the following:
>>>
>>> root (
en201247.uac63.hknet.com): 3 Time(s)
>>>
>>>
>>> What's my best plan of action to respond to such? Yes I root logins
>>> via
>>> sshd disabled.
>>>
>>> Thanks for the advice.
>>>
>>
>> Since you have remote root access disabled, the only other thing you
>> can do
>> is to just make sure that everyone uses strong passwords on the
>> machine.
>> You can also limit users who can su to root following the
>> instructions at
>>
http://www.faqs.org/docs/securing/chap5sec43.html.
>>
>> That way even if they do break in as user joe, if joe is not a part
>> of the
>> wheel group he can never brute force or dictionary attack the root
>> account.
>>
>> Thomas
>>
>> --
>> fedora-list mailing list
>> fedora-list(a)redhat.com
>> To unsubscribe:
http://www.redhat.com/mailman/listinfo/fedora-list
>>
>>
>
>
>
>