How should I react to break in attempts

Thomas Cameron thomas.cameron at camerontech.com
Fri Apr 8 19:14:23 UTC 2005


----- Original Message ----- 
From: "Arthur Pemberton" <dalive at flashmail.com>
To: "For users of Fedora Core releases" <fedora-list at redhat.com>
Sent: Friday, April 08, 2005 9:25 AM
Subject: How should I react to break in attempts


> I'm getting mail from logwatch as to the following:
>
> root (en201247.uac63.hknet.com): 3 Time(s)
>
>
> What's my best plan of action to respond to such? Yes, I have root logins via 
> sshd disabled.
>
> Thanks for the advice.

Since you have remote root access disabled, the only other thing you can do 
is to just make sure that everyone uses strong passwords on the machine. 
You can also limit users who can su to root following the instructions at 
http://www.faqs.org/docs/securing/chap5sec43.html.

That way even if they do break in as user joe, if joe is not a part of the 
wheel group he can never brute force or dictionary attack the root account.

Thomas 
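
An added example, not part of Thomas's message: a shell audit of the two controls this thread relies on, root login over sshd disabled and su limited to the wheel group. It assumes the su restriction is done with a pam_wheel.so line in the su PAM file; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the two controls discussed in this thread.
# File paths are arguments so the checks can run against copies.

# Succeeds only if sshd_config explicitly sets "PermitRootLogin no".
# Simplified: first whitespace-separated occurrence wins, Match blocks ignored.
root_login_disabled() {
    awk 'tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { if (v == "no") exit 0; exit 1 }' "$1"
}

# Succeeds if the su PAM file has an uncommented auth line requiring
# pam_wheel.so (assumed mechanism for limiting su to the wheel group).
su_requires_wheel() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+(required|requisite)[[:space:]]+([^[:space:]]*/)?pam_wheel\.so' "$1"
}

# Prints users listed as wheel members in a group(5) file, one per line.
# Accounts whose primary group is wheel do not appear in this field.
wheel_members() {
    awk -F: '$1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i] }' "$1"
}

# Succeeds if user $2 is listed in wheel in group file $1.
may_su() {
    wheel_members "$1" | grep -Fxq "$2"
}

# Constructed sample files, not taken from any real host.
d=$(mktemp -d)
trap 'rm -rf "$d"' EXIT
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_config"
printf '%s\n' 'auth sufficient pam_rootok.so' \
    'auth required pam_wheel.so use_uid' > "$d/su"
printf '%s\n' 'root:x:0:' 'wheel:x:10:root,alice' 'users:x:100:joe' > "$d/group"

root_login_disabled "$d/sshd_config" && echo "sshd: direct root login disabled"
su_requires_wheel "$d/su" && echo "su: restricted by pam_wheel"
for u in alice joe; do
    if may_su "$d/group" "$u"; then
        echo "$u: in wheel, may attempt su"
    else
        echo "$u: not in wheel, su to root refused"
    fi
done
```

On a live host the same functions would be pointed at /etc/ssh/sshd_config, /etc/pam.d/su and /etc/group.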



