Arthur Pemberton wrote:
Steven Joerger wrote:
You might look at this tool to help you with this issue:
http://denyhosts.sourceforge.net/
I haven't tried it myself yet, but after all the ssh attempts i've
been seeing in my daily emails I intend to.
Steve
This looks very very cool, I'll be tring it tonight.
I am now a proud user of this.
On Apr 8, 2005 3:14 PM, Thomas Cameron
<thomas.cameron@xxxxxxxxxxxxxxx> wrote:
----- Original Message -----
From: "Arthur Pemberton" <dalive@xxxxxxxxxxxxx>
To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Sent: Friday, April 08, 2005 9:25 AM
Subject: How should I react to break in attempts
I'm gettign mail from logwatch as to the following:
root (en201247.uac63.hknet.com): 3 Time(s)
What's my best plan of action to respond to such? Yes I root logins
via
sshd disabled.
Thanks for the advice.
Since you have remote root access disabled, the only other thing you
can do
is to just make sure that everyone uses strong passwords on the
machine.
You can also limit users who can su to root following the
instructions at
http://www.faqs.org/docs/securing/chap5sec43.html.
That way even if they do break in as user joe, if joe is not a part
of the
wheel group he can never brute force or dictionary attack the root
account.
Thomas
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
