How should I react to break in attempts

Arthur Pemberton dalive at flashmail.com
Sat Apr 9 05:06:43 UTC 2005


Arthur Pemberton wrote:

> Steven Joerger wrote:
>
>> You might look at this tool to help you with this issue:
>>
>> http://denyhosts.sourceforge.net/
>>
>> I haven't tried it myself yet, but after all the ssh attempts I've
>> been seeing in my daily emails I intend to.
>>
>> Steve
>>  
>>
> This looks very very cool, I'll be trying it tonight.

I am now a proud user of this.

>
>>
>> On Apr 8, 2005 3:14 PM, Thomas Cameron <thomas.cameron at camerontech.com> wrote:
>>  
>>
>>> ----- Original Message -----
>>> From: "Arthur Pemberton" <dalive at flashmail.com>
>>> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
>>> Sent: Friday, April 08, 2005 9:25 AM
>>> Subject: How should I react to break in attempts
>>>
>>>   
>>>
>>>> I'm getting mail from logwatch as to the following:
>>>>
>>>> root (en201247.uac63.hknet.com): 3 Time(s)
>>>>
>>>>
>>>> What's my best plan of action to respond to such? Yes, I have root
>>>> logins via sshd disabled.
>>>>
>>>> Thanks for the advice.
>>>>     
>>>
>>> Since you have remote root access disabled, the only other thing you
>>> can do is to just make sure that everyone uses strong passwords on the
>>> machine. You can also limit users who can su to root following the
>>> instructions at
>>> http://www.faqs.org/docs/securing/chap5sec43.html.
>>>
>>> That way even if they do break in as user joe, if joe is not a part of
>>> the wheel group he can never brute force or dictionary attack the root
>>> account.
>>>
>>> Thomas
>>>
>
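
Added example, not part of the original thread and not DenyHosts' own code: a Python illustration of the log-based blocking idea discussed above, counting failed sshd password attempts per source and producing TCP wrappers `hosts.deny` entries for sources at or above a threshold. The log lines are constructed samples using documentation IP ranges; the function names, the threshold, and the choice to exempt sources that also logged in successfully are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (documentation IP ranges, not real data).
SAMPLE_LOG = """\
Apr  8 09:01:12 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr  8 09:01:15 host sshd[2103]: Failed password for root from 203.0.113.5 port 40113 ssh2
Apr  8 09:01:19 host sshd[2105]: Failed password for root from 203.0.113.5 port 40114 ssh2
Apr  8 09:02:40 host sshd[2110]: Failed password for illegal user test from 198.51.100.7 port 51000 ssh2
Apr  8 09:02:44 host sshd[2112]: Failed password for invalid user admin from 198.51.100.7 port 51001 ssh2
Apr  8 09:05:02 host sshd[2120]: Failed password for joe from 192.0.2.10 port 33000 ssh2
Apr  8 09:05:09 host sshd[2122]: Accepted password for joe from 192.0.2.10 port 33001 ssh2
"""

# OpenSSH has logged unknown accounts as "illegal user" (older releases)
# and "invalid user" (newer releases); accept both spellings.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for "
    r"(?:(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<src>\S+) ")


def failed_by_source(log_text):
    """Return (failure count per source, set of sources with a successful login)."""
    failures, trusted = Counter(), set()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group("src")] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            trusted.add(m.group("src"))
    return failures, trusted


def hosts_deny_entries(log_text, threshold=3):
    """Build hosts.deny lines for sources with >= threshold failures.

    Sources that also authenticated successfully are skipped (an assumption
    of this example, so a legitimate user's typo does not lock them out).
    """
    failures, trusted = failed_by_source(log_text)
    return [f"sshd: {src}" for src, n in sorted(failures.items())
            if n >= threshold and src not in trusted]


if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(SAMPLE_LOG)))
```
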



