Am 2005-04-25 10:03:29, schrieb Alvin Oga: > - use /etc/hosts.deny to deny everything > ALL:ALL > > - use /etc/hosts.allow to allow incoming ssh from ip# you trust > sshd: 192.168.1.1 w.x.y.z
I have encountered then sshd read this two files every time anyone try to login Now I have setup my /etc/syslog.conf to pipe the sshd log into a script which detect the "haccing attemped and put the IP into /etc/hosts.deny dynamicly. :-) Now I have very small sshd.log of some kByte because before I used piping I had around 1,3 to 60 MByte per week. Oh yes, blacklisted IPs stay 3 hour after last false login there and then they are automaticly deleted. It works with a simpel text/plain database serialdate ipaddress > c ya > alvin Greetings Michelle -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/3/88452356 67100 Strasbourg/France IRC #Debian (irc.icq.com)
signature.pgp
Description: Digital signature
