Re: SSH attack

Alvin Oga wrote:
On Mon, 10 Oct 2005, Marty wrote:

> simple test ...
> ( use your positive or negative logic equivalents for these files )
>
> /etc/hosts.deny
> 	ALL : ALL

I'm not sure that will work with the manpage example I gave.

works for me ... no services coming in that is not supposed to

I meant sending the email alert as described in the manpage.

> you'll find that you will need to have
>
> /etc/hosts.allow
> 	sshd :
>
> restart the inetd or sshd as needed

Don't forget to add your ssh entry in /etc/inetd.conf.

everything is turned off, sshd is NOT listed in inetd.conf or xinetd.conf
whichever one is being used .. and similarly for the [x]inetd daemon
	- sshd does its own magic based on the allow/deny entries

I had forgotten about that.  It really got me the first time I tried
to run ssh, and it doesn't seem to be well documented anywhere.
Still it seems better to start ssh from (x)inetd for security reasons.


grep whatever you like from the gazillion log files for ssh this and ssh

I don't know what you're getting at here. The idea is to get a realtime email alert.

