You might look at this tool to help you with this issue:
http://denyhosts.sourceforge.net/
I haven't tried it myself yet, but after all the SSH attempts I've
been seeing in my daily emails I intend to.
Steve
On Apr 8, 2005 3:14 PM, Thomas Cameron <thomas.cameron(a)camerontech.com> wrote:
>----- Original Message -----
>From: "Arthur Pemberton" <dalive(a)flashmail.com>
>To: "For users of Fedora Core releases" <fedora-list(a)redhat.com>
>Sent: Friday, April 08, 2005 9:25 AM
>Subject: How should I react to break in attempts
>
>
>
>>I'm getting mail from logwatch as to the following:
>>
>>root (en201247.uac63.hknet.com): 3 Time(s)
>>
>>
>>What's my best plan of action to respond to such? Yes, I have root logins via
>>sshd disabled.
>>
>>Thanks for the advice.
>>
>>
>Since you have remote root access disabled, the only other thing you can do
>is to just make sure that everyone uses strong passwords on the machine.
>You can also limit users who can su to root following the instructions at
>http://www.faqs.org/docs/securing/chap5sec43.html.
>
>That way even if they do break in as user joe, if joe is not a part of the
>wheel group he can never brute force or dictionary attack the root account.
>
>Thomas
>
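Added example, not part of the thread: a small Python audit of the two settings discussed above, remote root login disabled in sshd and `su` restricted to the wheel group through `pam_wheel.so`. The file contents are constructed samples, and the function names are hypothetical; on a real host you would read `/etc/ssh/sshd_config`, `/etc/pam.d/su` and `/etc/group` instead.

```python
# Added illustration; sample file contents below are constructed, not from the thread.
SSHD_CONFIG = """\
Port 22
#PermitRootLogin yes
PermitRootLogin no
"""
PAM_SU = """\
#%PAM-1.0
auth       sufficient   pam_rootok.so
auth       required     pam_wheel.so use_uid
auth       include      system-auth
"""
ETC_GROUP = """\
root:x:0:
wheel:x:10:root,alice
users:x:100:alice,joe
"""

def _fields(line):
    """Split a config line into tokens, dropping any '#' comment."""
    return line.split("#", 1)[0].split()

def root_login_disabled(sshd_config):
    """True only if the first active PermitRootLogin line says 'no'.
    sshd uses the first value it finds; Match blocks are ignored here."""
    for line in sshd_config.splitlines():
        f = _fields(line)
        if len(f) >= 2 and f[0].lower() == "permitrootlogin":
            return f[1] == "no"
    return False  # absent: do not assume a safe default

def su_requires_wheel(pam_su):
    """True if an active auth line makes pam_wheel.so mandatory for su."""
    return any(len(f) >= 3 and f[0] == "auth" and f[1] in ("required", "requisite")
               and f[2].endswith("pam_wheel.so")
               for f in map(_fields, pam_su.splitlines()))

def wheel_members(etc_group):
    """Supplementary members of 'wheel' (primary-group membership not checked)."""
    for line in etc_group.splitlines():
        f = line.split(":")
        if len(f) == 4 and f[0] == "wheel":
            return {u for u in f[3].split(",") if u}
    return set()

def may_su(user, pam_su, etc_group):
    """Whether su will even let `user` try the root password."""
    return not su_requires_wheel(pam_su) or user in wheel_members(etc_group)

if __name__ == "__main__":
    print("root ssh login disabled:", root_login_disabled(SSHD_CONFIG))
    for u in ("alice", "joe"):
        print(u, "may su to root:", may_su(u, PAM_SU, ETC_GROUP))
```

A commented-out `pam_wheel.so` line, which is how many distributions ship `/etc/pam.d/su`, makes `su_requires_wheel` return false, so every local account can still guess at the root password.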