You might look at this tool to help you with this issue: http://denyhosts.sourceforge.net/ I haven't tried it myself yet, but after all the ssh attempts i've been seeing in my daily emails I intend to. Steve On Apr 8, 2005 3:14 PM, Thomas Cameron <thomas.cameron@xxxxxxxxxxxxxxx> wrote: > ----- Original Message ----- > From: "Arthur Pemberton" <dalive@xxxxxxxxxxxxx> > To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx> > Sent: Friday, April 08, 2005 9:25 AM > Subject: How should I react to break in attempts > > > I'm gettign mail from logwatch as to the following: > > > > root (en201247.uac63.hknet.com): 3 Time(s) > > > > > > What's my best plan of action to respond to such? Yes I root logins via > > sshd disabled. > > > > Thanks for the advice. > > Since you have remote root access disabled, the only other thing you can do > is to just make sure that everyone uses strong passwords on the machine. > You can also limit users who can su to root following the instructions at > http://www.faqs.org/docs/securing/chap5sec43.html. > > That way even if they do break in as user joe, if joe is not a part of the > wheel group he can never brute force or dictionary attack the root account. > > Thomas > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list >
