On Wed, 16 Nov 2005 00:05:39 +0000 Adam Hardy <adam.ant@cyberspaceroad.com> wrote: > I don't think the attacker gained access, but I would like some sort > of mechanism that would cause the OS to email me whenever someone > logs in - which is going to be less than once a day. > Take a look at the programs logwatch and logcheck. Both are available via apt and should do what you want. This is a fairly common SSH brute force attack. As long as you have secure usernames and passwords you are probably OK. However this attack IS annoying and it's not going to stop any time soon. You may want to look at authenticating SSH with shared keys and disable password authentication all together. If that is not an option, set up PAM and PAM_TALLY to temporarily disable accounts after a number of failed login attempts. Remember...we're all in this together. Good Luck, -- Bill Thompson BillT@Mahagonny.com
Attachment:
pgphmRCkR4_XH.pgp
Description: PGP signature