MORE SSH Hacking: heads-up

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Mon Aug 9 15:06:21 UTC 2004


On Mon, 09.08.2004 at 7:06, Dave Rinker wrote:

> For those not familiar with swatch you can get it here:
> http://swatch.sourceforge.net/
> Make sure you get 3.0.8 because "exec" was not working for me in the
> newer versions.

> #start
>  
> watchfor /sshd.*: Failed password for root from/
>         mail=myaddress,subject=Root_Login_Attempt
>         exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp --dport 22 -j DROP
>  
> watchfor /sshd.*: Illegal user/
>         mail=myaddress,subject=Illegal_user_attempt
>         exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp --dport 22 -j DROP
>  
> #end

swatch is certainly a nice tool to automatically observe logfiles and
react to specific occasions. See e.g.

http://www.fedoranews.org/ghenry/swatch/

Short comment on the above example by Dave: be careful to not exclude
yourself from access to a remote system! This is easily done with the above
code: first case - you mistype your root password; second case - you
mistype your username.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp 
Serendipity 17:00:50 up 5 days, 10:28, load average: 0.22, 0.21, 0.18 
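
One way to guard against the lockout described above, as an added example that is not part of the original thread: a wrapper that swatch's exec could call in place of iptables, which refuses allowlisted or malformed addresses and only prints the rule it would insert. The allowlist addresses, the function names and the wrapper path are assumptions.

```shell
#!/bin/sh
# Added example: guard meant to be called from swatch, e.g.
#   exec /usr/local/sbin/ssh-block $11      (hypothetical path)
# The address comes from a log field, so it is validated before use.

# Constructed allowlist: admin addresses that must never be blocked.
ALLOWLIST="192.0.2.10 198.51.100.7"

# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                 # split on dots into $1..$n
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Return 0 if the address may be blocked: valid IPv4 and not allowlisted.
should_block() {
    is_ipv4 "$1" || return 1
    for trusted in $ALLOWLIST; do
        [ "$1" = "$trusted" ] && return 1
    done
    return 0
}

# Print the rule from the quoted config for a blockable address.
# Dry run: replace echo with the real call once the allowlist is correct.
block_rule() {
    should_block "$1" || return 1
    echo "/sbin/iptables -I INPUT -i eth0 -s $1 -d 0/0 -p tcp --dport 22 -j DROP"
}

if [ "$#" -gt 0 ]; then
    block_rule "$1" || echo "not blocking: $1" >&2
fi
```

A mistyped password from an allowlisted address still triggers the mail action in the swatch config, but no DROP rule is produced for it.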