On Mon, 09.08.2004 at 7:06, Dave Rinker wrote:

> For those not familiar with swatch you can get it here:
> http://swatch.sourceforge.net/
> Make sure you get 3.0.8 because "exec" was not working for me in the
> newer versions.
> #start
>
> watchfor /sshd.*: Failed password for root from/
>     mail=myaddress,subject=Root_Login_Attempt
>     exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp --dport 22 -j DROP
>
> watchfor /sshd.*: Illegal user/
>     mail=myaddress,subject=Illegal_user_attempt
>     exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp --dport 22 -j DROP
>
> #end

swatch is certainly a nice tool to automatically observe logfiles and
react on specific occasions. See e.g.
http://www.fedoranews.org/ghenry/swatch/

Short comment on above example by Dave: be careful to not exclude
yourself from access on a remote system! This is easily done with above
code: first case - you mistype your root's password; second case - you
mistype your username.

Alexander

-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp
Serendipity 17:00:50 up 5 days, 10:28, load average: 0.22, 0.21, 0.18
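One way to act on the lockout caution above, as an added example that is not part of either message: a wrapper that the swatch `exec` action calls instead of iptables directly, which skips allowlisted admin addresses and rejects any field that is not an IPv4 address. The script path, the function names and the `ALLOWLIST` addresses (constructed, from documentation ranges) are assumptions.

```shell
#!/bin/sh
# Added example: guard for the swatch "exec" action (script name is hypothetical).
# swatch side:  exec /usr/local/sbin/ssh-block.sh $11
# ALLOWLIST holds constructed sample addresses; list the hosts you log in from.
ALLOWLIST="${ALLOWLIST:-192.0.2.10 198.51.100.7}"

# is_ipv4 ADDR: succeed only for a dotted quad with every octet in 0..255.
# The body runs in a subshell so the IFS change does not leak.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# decide ADDR: print block, skip-allowlisted or skip-invalid.
decide() {
    # The field comes from log text, so refuse anything that is not an address.
    is_ipv4 "$1" || { echo skip-invalid; return 0; }
    for admin in $ALLOWLIST; do
        if [ "$1" = "$admin" ]; then echo skip-allowlisted; return 0; fi
    done
    echo block
}

# Act only when called with an argument, as swatch would call it.
if [ "$#" -gt 0 ]; then
    verdict=$(decide "$1")
    if [ "$verdict" = block ]; then
        # -C tests for an identical rule so repeated matches do not stack up.
        /sbin/iptables -C INPUT -i eth0 -s "$1" -d 0/0 -p tcp --dport 22 -j DROP 2>/dev/null ||
            /sbin/iptables -I INPUT -i eth0 -s "$1" -d 0/0 -p tcp --dport 22 -j DROP
    else
        # Log the verdict only, never the raw field, so the message cannot re-trigger a watchfor.
        logger -t ssh-block "source not blocked: $verdict"
    fi
fi
```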