Re: Auth.log

To: debian-user@lists.debian.org
Subject: Re: Auth.log
From: Andrea Vettorello <andrea.vettorello@gmail.com>
Date: Fri, 5 Nov 2004 07:23:40 +0100
Message-id: <[🔎] 7d54402404110422234a5c129c@mail.gmail.com>
Reply-to: Andrea Vettorello <andrea.vettorello@gmail.com>
In-reply-to: <[🔎] 5706A0B8D49EB5438DDB623E59FF14FD57421B@mail01.ccia.local>
References: <[🔎] 5706A0B8D49EB5438DDB623E59FF14FD57421B@mail01.ccia.local>

On Fri, 5 Nov 2004 12:34:38 +1100, Matthew Joyce
<mjoyce@ccia.unsw.edu.au> wrote:
> 
> 
> Hi,
> 
> I was just checking some logs on a woody box and just want to clarify
> something.
> 
> Stuff like this :
> 

[...]

> Nov  3 00:06:25 donate sshd[3666]: Failed password for root from
> 61.218.125.178 port 43958 ssh2
> 
> ..and there are pages and pages of it.
> 
> This is someone trying to login as root right ?
> 

If you look on fulldisclosure mailing list, some time ago more than
one noticed  password guessing attempt at the ssh daemon, probably
there's a script circulating...

> I have ssh configured so root cannot login, but I want to show some
> stats to management to elevate the need to be security conscious, are
> there any packages which will analyse these logs and produce a nice
> report, a summary perhaps ?
> 

I don't know about this one.


Andrea

Reply to:

Follow-Ups:
- Re: Auth.log
  - From: Raquel Rice <raquel@thericehouse.net>

References:
- Auth.log
  - From: "Matthew Joyce" <MJoyce@ccia.unsw.edu.au>

Prev by Date: Re: Redirect console output
Next by Date: [OT] lftp not using cached directory listings
Previous by thread: Auth.log
Next by thread: Re: Auth.log
Index(es):
- Date
- Thread