[WBEL-users] Daily SSH attempted logins
Jesse
j at lumiere.net
Sun Mar 6 01:30:09 CST 2005
On Sun, 6 Mar 2005, Sudev Barar wrote:
> Can you share the script?
The original version by Victor Danilchenko:
http://www.linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry
It has extra stuff, like sharing its blocklists between multiple hosts.
Personally I didn't want my daemon accepting any kind of network
connections, so I ripped that stuff out. But the version there works.
If someone wants my version, which is basically the same except it rips
out all network stuff, is a little more verbose in logging, and recognizes
a few more log lines like postfix SASL auth failures, some dovecot
message, etc, send me a mail privately and I'll send a copy after I've had
a coupel days to clean it up.
Either version works and is pretty easy to get going. Just keep in mind it
works by hosts.deny, so services that don't use tcpwrappers won't block
connections. If you just want to stop the brute force ssh attempts though,
that's enough.
---
Jesse <j at lumiere.net>
More information about the Whitebox-users
mailing list