Re: Auth.log
On Fri, 5 Nov 2004 12:34:38 +1100, Matthew Joyce
<mjoyce@ccia.unsw.edu.au> wrote:
>
>
> Hi,
>
> I was just checking some logs on a woody box and just want to clarify
> something.
>
> Stuff like this :
>
[...]
> Nov 3 00:06:25 donate sshd[3666]: Failed password for root from
> 61.218.125.178 port 43958 ssh2
>
> ..and there are pages and pages of it.
>
> This is someone trying to login as root right ?
>
If you look on fulldisclosure mailing list, some time ago more than
one noticed password guessing attempt at the ssh daemon, probably
there's a script circulating...
> I have ssh configured so root cannot login, but I want to show some
> stats to management to elevate the need to be security conscious, are
> there any packages which will analyse these logs and produce a nice
> report, a summary perhaps ?
>
I don't know about this one.
Andrea
Reply to:
- References:
- Auth.log
- From: "Matthew Joyce" <MJoyce@ccia.unsw.edu.au>