[SATLUG] security, brute force ssh, and others

Geoff geofff at w5omr.shacknet.nu
Wed Apr 30 07:28:58 CDT 2008

Daniel J. Givens wrote:
> The answer you seek is Fail2Ban (www.fail2ban.org). It will watch your
> logs for (definable) patterns and do (definable) actions, such as
> adding netfilter rules to drop traffic from offending hosts. I've used
> it to great success to block bots like this.
> By the way, this is extremely common. You really don't have anything
> to worry about here. Just make sure remote root login is disabled in
> SSH and think about setting up a group called sshusers and add the
> AllowGroups option to /etc/ssh/sshd_config.

There was talk around here of setting up a 'tar-baby' (for lack of a
better term, or better memory).  Honey Pot, I think it was called.

Something to draw the pests to and presumably do something to them, at
the time.

Did that ever get done?
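
The log-watching approach described in the quoted reply (match a pattern, count failures per host, emit a netfilter drop rule), as an added example that is not part of the original thread and is not Fail2Ban's own code. The log lines are constructed, the year is an assumption because syslog timestamps omit it, and `find_offenders`, `drop_rules`, `max_retry` and `find_time` are names chosen for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd auth-log lines (documentation IP ranges, made-up users).
SAMPLE_LOG = """\
Apr 30 07:01:02 host sshd[2101]: Failed password for root from 203.0.113.5 port 40112 ssh2
Apr 30 07:01:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.5 port 40118 ssh2
Apr 30 07:01:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.5 port 40125 ssh2
Apr 30 07:02:00 host sshd[2110]: Accepted publickey for alice from 192.0.2.10 port 51000 ssh2
Apr 30 07:03:00 host sshd[2120]: Failed password for invalid user x from 192.0.2.10 port 22 ssh2 from 198.51.100.7 port 40200 ssh2
Apr 30 07:20:00 host sshd[2130]: Failed password for root from 198.51.100.7 port 40300 ssh2
Apr 30 07:40:00 host sshd[2140]: Failed password for root from 198.51.100.7 port 40400 ssh2
""".splitlines()

# The user name is supplied by the client, so the source address is taken
# from the END of the line: the greedy ".*" swallows anything that merely
# looks like "from <ip>" inside the name.
FAILED = re.compile(
    r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for .*"
    r" from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

def find_offenders(lines, max_retry=3, find_time=600, year=2008):
    """Return IPs with >= max_retry failures inside find_time seconds."""
    window = timedelta(seconds=find_time)
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    banned = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other noise
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        hits = recent[m.group(2)]
        hits.append(when)
        while when - hits[0] > window:
            hits.popleft()        # forget failures older than the window
        if len(hits) >= max_retry and m.group(2) not in banned:
            banned.append(m.group(2))
    return banned

def drop_rules(ips):
    """Netfilter commands an operator could review before applying."""
    return [f"iptables -I INPUT -s {ip} -j DROP" for ip in ips]

if __name__ == "__main__":
    print("\n".join(drop_rules(find_offenders(SAMPLE_LOG))))
```

With the defaults only the burst from 203.0.113.5 crosses the threshold; the slow failures from 198.51.100.7 fall outside the window, and 192.0.2.10, which appears only inside a user name, is never counted.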

