[PLUG] denyhosts for illegal ssh login attempts

Rich Shepard rshepard at appl-ecosys.com
Mon May 16 17:07:05 UTC 2005


On Mon, 16 May 2005, Keith Lofstrom wrote:

> I got tired of seeing 2000 line logwatch reports with lines like:

Keith,

   Mine don't get that large, but I sometimes see dictionary attacks that are
lengthy.

> Eventually, the bastards might even make it in.  So I downloaded a program
> called DenyHosts ( http://denyhosts.sourceforge.net ) which is called from
> cron, scans /var/log/secure and adds entries to /etc/hosts.deny .

   Kewel. Thanks for the pointer.

> The python program install isn't well documented (including a bit about
> "from version import VERSION" which I commented out) and I would prefer
> something that responded to the log process itself rather than being called
> by cron to scan /var/log files.

   I have a very large postfix UCE table called badip. I suspect that sshd
cracking attempts would drop to zero if hosts.deny could be linked to include
badip. Could this be done? It would coordinate sshd and spam-mail rejections
and keep hosts.deny reasonably short.

Thanks,

Rich

-- 
Dr. Richard B. Shepard, President
Applied Ecosystem Services, Inc. (TM)
<http://www.appl-ecosys.com>   Voice: 503-667-4517   Fax: 503-667-8863
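
Added example (not part of the original message and not DenyHosts code): one way to feed a Postfix table such as badip to TCP wrappers is to convert its blocking entries into hosts_access(5) patterns, since Postfix writes a network prefix as `198.51.100` while TCP wrappers expects `198.51.100.` or net/mask. It assumes badip uses Postfix access(5) "key action" lines and that the local hosts_access(5) supports file-name patterns; the sample entries are constructed.

```python
import ipaddress

# Constructed sample; assumes badip uses Postfix access(5) "key action" lines.
SAMPLE_BADIP = """\
# constructed entries (documentation address ranges)
192.0.2.15        REJECT
198.51.100        REJECT dictionary attacks
203.0.113.7       OK
203.0.113.0/24    554 go away
mail.example.net  REJECT
"""

def is_deny(action):
    """True for actions that block the client: REJECT, DISCARD, 4xx/5xx codes."""
    words = action.split()
    word = words[0].upper() if words else ""
    return word in ("REJECT", "DISCARD") or (
        len(word) == 3 and word.isdigit() and word[0] in "45")

def to_wrapper_pattern(key):
    """Translate one access-table key into a hosts_access(5) pattern, or None."""
    octets = key.split(".")
    if len(octets) <= 3 and all(o.isdigit() and int(o) < 256 for o in octets):
        return key + "."              # Postfix 198.51.100 -> wrappers 198.51.100.
    try:
        net = ipaddress.ip_network(key, strict=False)
    except ValueError:
        return None                   # host names, domains, mail addresses
    if net.version != 4:
        return None                   # IPv6 keys are not handled here
    if net.prefixlen == 32:
        return str(net.network_address)
    return f"{net.network_address}/{net.netmask}"   # net/mask form

def convert(table_text):
    """Wrapper patterns for blocking entries; skips blanks, comments, continuations."""
    patterns = []
    for line in table_text.splitlines():
        if not line.strip() or line[0].isspace() or line.lstrip().startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and is_deny(fields[1]):
            pattern = to_wrapper_pattern(fields[0])
            if pattern:
                patterns.append(pattern)
    return patterns

if __name__ == "__main__":
    print("\n".join(convert(SAMPLE_BADIP)))
```

Written to a file (hypothetical path /etc/hosts.deny.badip), the output can be referenced from /etc/hosts.deny with the single line `sshd: /etc/hosts.deny.badip`, which keeps hosts.deny itself short.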


