On Wed, Jan 12, 2005 at 04:57:41PM +1100, Andrew Pollock wrote:
> Hi,
>
> I've done some cursory apt-cache searching, and nothing's jumped out at
> me...

Have you read this?
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s-log-alerts

Logcheck is more or less the standard way of doing this in Debian, although others like alternative logchecking tools. I've been meaning to look at btail (a Bayesian log filter that could probably make it easier to generate the logcheck ignore patterns, see http://www.vanheusden.com/btail/). Also LoGS (http://savannah.nongnu.org/projects/logs/) might be of interest (still in active development, looks promising).

Note that the URL that the document points to (Counterpane's) is not current; it should be http://www.loganalysis.org/ (wonderful source of log analysis information maintained by Tina Bird, of Stanford University). This is actually fixed in the document source (CVS) but it has not yet propagated to the online version :-(

> I want to tarpit excessive SSH login failures.

You might want to review the discussion on this we had at this same list, available at http://lists.debian.org/debian-security/2004/10/msg00118.html (I'm not sure the PAM module developed by Kevin is useful for you, but the thread has a lot of suggestions from many people, me included).

Check out also http://ethernet.org/~brian/src/timelox/ which might or might not do what you are looking for (found this while reading http://seclists.org/lists/incidents/2004/Dec/0039.html, which is also an interesting read).

Hope that helps

Javier