On Tue, 04 Sep 2007 12:31:15 +0300, Lars Wirzenius <[EMAIL PROTECTED]> wrote:
>> I stop brute force attacks by sending auth log messages to a FIFO which I >> read with a perl script. After 10 login failures, your IP is firewalled for >> 24 hours. >I'm sure it does work great. Can you work on making sure it is the >default in lenny if openssh-server is installed? It's the type of thing an admin can do locally: set up syslog.conf so that it copies auth log data to a FIFO: > auth.info -/var/log/auth > auth.=notice -/var/log/auth.notice > auth.=notice |/var/tmp/hostaccess.sshd And then read it with a program or script which makes local decisions on how to handle it. If someone wants to take that idea and distribute it with debian, go for it. Personally, I don't have time to fight the political battle that would ensue. -- Internet service http://www.isp2dial.com/
