denyhosts-2.6_7 Script to thwart ssh attacks

Tomáš Drgoň tomas.drgon at truni.sk
Thu Jan 17 18:06:28 CET 2019


Sa opravim.


On 17. 1. 2019 15:53, Tomáš Drgoň wrote:
>
> Potom pam_af vlastne funguje ako denyhosts. Zo zakazanej IP nie je 
> dovolene zadat heslo a prihlasit sa do SSH.   Teda v logu 
> /var/log/auth.log to je takto :
>
> Jan 17 15:07:59 mailgw sshd[29032]: Disconnecting invalid user mike 
> 91.236.116.214 port 58662: Change of username or service not allowed: 
> (mike,ssh-connection) -> (monitor,ssh-connection) [preauth]

Tento log hovori o niecom inom.


>
> A teda v logoch (aj messages) su stale viditelne pokusy o prihlasenie 
> (tapetovanie pokracuje).
>
>
Po restarte servera sa uz logy neplnia utokmi. Tak neviem ci prestali, 
alebo zafungoval TCP wrapper.

Aby teda zafungovali nastavenia v /etc/hosts.allow je potrebne spustit 
inetd ?

TD









More information about the Users-l mailing list