denyhosts-2.6_7 Script to thwart ssh attacks
Tomáš Drgoň
tomas.drgon at truni.sk
Thu Jan 17 18:06:28 CET 2019
Sa opravim.
On 17. 1. 2019 15:53, Tomáš Drgoň wrote:
>
> Potom pam_af vlastne funguje ako denyhosts. Zo zakazanej IP nie je
> dovolene zadat heslo a prihlasit sa do SSH. Teda v logu
> /var/log/auth.log to je takto :
>
> Jan 17 15:07:59 mailgw sshd[29032]: Disconnecting invalid user mike
> 91.236.116.214 port 58662: Change of username or service not allowed:
> (mike,ssh-connection) -> (monitor,ssh-connection) [preauth]
Tento log hovori o niecom inom.
>
> A teda v logoch (aj messages) su stale viditelne pokusy o prihlasenie
> (tapetovanie pokracuje).
>
>
Po restarte servera sa uz logy neplnia utokmi. Tak neviem ci prestali,
alebo zafungoval TCP wrapper.
Aby teda zafungovali nastavenia v /etc/hosts.allow je potrebne spustit
inetd ?
TD
More information about the Users-l
mailing list