How should I react to break in attempts
Arthur Pemberton
dalive at flashmail.com
Fri Apr 8 23:12:46 UTC 2005
Steven Joerger wrote:
>You might look at this tool to help you with this issue:
>
>http://denyhosts.sourceforge.net/
>
>I haven't tried it myself yet, but after all the ssh attempts i've
>been seeing in my daily emails I intend to.
>
>Steve
>
>
This looks very very cool, I'll be tring it tonight.
>
>On Apr 8, 2005 3:14 PM, Thomas Cameron <thomas.cameron at camerontech.com> wrote:
>
>
>>----- Original Message -----
>>From: "Arthur Pemberton" <dalive at flashmail.com>
>>To: "For users of Fedora Core releases" <fedora-list at redhat.com>
>>Sent: Friday, April 08, 2005 9:25 AM
>>Subject: How should I react to break in attempts
>>
>>
>>
>>>I'm gettign mail from logwatch as to the following:
>>>
>>>root (en201247.uac63.hknet.com): 3 Time(s)
>>>
>>>
>>>What's my best plan of action to respond to such? Yes I root logins via
>>>sshd disabled.
>>>
>>>Thanks for the advice.
>>>
>>>
>>Since you have remote root access disabled, the only other thing you can do
>>is to just make sure that everyone uses strong passwords on the machine.
>>You can also limit users who can su to root following the instructions at
>>http://www.faqs.org/docs/securing/chap5sec43.html.
>>
>>That way even if they do break in as user joe, if joe is not a part of the
>>wheel group he can never brute force or dictionary attack the root account.
>>
>>Thomas
>>
>>--
>>fedora-list mailing list
>>fedora-list at redhat.com
>>To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
>>
>>
>>
>
>
>
More information about the users
mailing list