Re: How should I react to break in attempts

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Subject: Re: How should I react to break in attempts
From: "Thomas Cameron" <thomas.cameron@xxxxxxxxxxxxxxx>
Date: Fri, 8 Apr 2005 14:14:23 -0500
List-archive: <https://www.redhat.com/archives/fedora-list>
List-help: <mailto:[email protected]?subject=help>
List-id: For users of Fedora Core releases <fedora-list.redhat.com>
List-post: <mailto:[email protected]>
List-subscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=subscribe>
List-unsubscribe: <http://www.redhat.com/mailman/listinfo/fedora-list>, <mailto:[email protected]?subject=unsubscribe>
References: <[email protected]>
Reply-to: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>

----- Original Message ----- From: "Arthur Pemberton" <dalive@xxxxxxxxxxxxx> To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx> Sent: Friday, April 08, 2005 9:25 AM Subject: How should I react to break in attempts

I'm gettign mail from logwatch as to the following:
root (en201247.uac63.hknet.com): 3 Time(s)
What's my best plan of action to respond to such? Yes I root logins via sshd disabled.

Thanks for the advice.

Since you have remote root access disabled, the only other thing you can do is to just make sure that everyone uses strong passwords on the machine. You can also limit users who can su to root following the instructions at http://www.faqs.org/docs/securing/chap5sec43.html.

That way even if they do break in as user joe, if joe is not a part of the wheel group he can never brute force or dictionary attack the root account.

Thomas

Follow-Ups:
- Re: How should I react to break in attempts
  - From: Steven Joerger

References:
- How should I react to break in attempts
  - From: Arthur Pemberton

Prev by Date: Re: When are KDE and KFCE getting updated in FC?
Next by Date: rsync passwordless in a script problem
Previous by thread: Re: How should I react to break in attempts
Next by thread: Re: How should I react to break in attempts
Index(es):
- Date
- Thread

[Index of Archives] [Current Fedora Users] [Fedora Desktop] [Fedora SELinux] [Yosemite News] [Yosemite Photos] [KDE Users] [Fedora Tools] [Fedora Docs]

Powered by Linux