On Fri, 5 Nov 2004 07:23:40 +0100
Andrea Vettorello <email@example.com> wrote:
> On Fri, 5 Nov 2004 12:34:38 +1100, Matthew Joyce
> <firstname.lastname@example.org> wrote:
> > Hi,
> > I was just checking some logs on a woody box and just want to
> > clarify something.
> > Stuff like this :
> > Nov 3 00:06:25 donate sshd: Failed password for root from
> > 188.8.131.52 port 43958 ssh2
> > ..and there are pages and pages of it.
> > This is someone trying to login as root right ?
> If you look on fulldisclosure mailing list, some time ago more
> than one noticed password guessing attempt at the ssh daemon,
> probably there's a script circulating...
> > I have ssh configured so root cannot login, but I want to show
> > some stats to management to elevate the need to be security
> > conscious, are there any packages which will analyse these logs
> > and produce a nice report, a summary perhaps ?
> I don't know about this one.
You could run the results of this command through a script to count
grep 'Failed password' /var/log/auth.log
Injustice anywhere is a threat to justice everywhere.
--Martin Luther King, Jr.
- From: "Matthew Joyce" <MJoyce@ccia.unsw.edu.au>
- Re: Auth.log
- From: Andrea Vettorello <email@example.com>