On Fri, 5 Nov 2004 07:23:40 +0100 Andrea Vettorello <[EMAIL PROTECTED]> wrote:
> On Fri, 5 Nov 2004 12:34:38 +1100, Matthew Joyce > <[EMAIL PROTECTED]> wrote: > > > > > > Hi, > > > > I was just checking some logs on a woody box and just want to > > clarify something. > > > > Stuff like this : > > > > [...] > > > Nov 3 00:06:25 donate sshd[3666]: Failed password for root from > > 61.218.125.178 port 43958 ssh2 > > > > ..and there are pages and pages of it. > > > > This is someone trying to login as root right ? > > > > If you look on fulldisclosure mailing list, some time ago more > than one noticed password guessing attempt at the ssh daemon, > probably there's a script circulating... > > > I have ssh configured so root cannot login, but I want to show > > some stats to management to elevate the need to be security > > conscious, are there any packages which will analyse these logs > > and produce a nice report, a summary perhaps ? > > > > I don't know about this one. > > > Andrea > You could run the results of this command through a script to count the results. grep 'Failed password' /var/log/auth.log -- Raquel ============================================================ Injustice anywhere is a threat to justice everywhere. --Martin Luther King, Jr. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
