I agree with both comments but recommend that you disable the ability of root to login at all. Users can always su to root. Howto here: (Fedora is /etc/ssh/sshd_config) http://www.karkomaonline.com/article.php?story=20030803200809356 On Mon, 2004-08-09 at 11:06, Alexander Dalloz wrote: > Am Mo, den 09.08.2004 schrieb Dave Rinker um 7:06: > > > For those not familiar with swatch you can get it here: > > http://swatch.sourceforge.net/ > > Make sure you get 3.0.8 because "exec" was not working for me in the > > newer versions. > > > #start > > > > watchfor /sshd.*: Failed password for root from/ > > mail=myaddress,subject=Root_Login_Attempt > > exec /sbin/iptables -I INPUT -i eth0 -s $11 -d 0/0 -p tcp > > --dport 22 -j DROP > > > > watchfor /sshd.*: Illegal user/ > > mail=myaddress,subject=Illegal_user_attempt > > exec /sbin/iptables -I INPUT -i eth0 -s $10 -d 0/0 -p tcp > > --dport 22 -j DROP > > > > #end > > swatch is certainly a nice tool to automatically observe logfiles and > react on specific occasions. See i.e. > > http://www.fedoranews.org/ghenry/swatch/ > > Short comment on above example by Dave: be careful to not exclude > yourself from access on a remote system! This is easily done with above > code: first case - you mistype your root's password; second case - you > mistype your username. > > Alexander >
Attachment:
signature.asc
Description: This is a digitally signed message part
