On Thu, 2004-08-26 at 10:24, Tim Kelley wrote:
> On Thu, Aug 26, 2004 at 08:14:50AM +1000, Michael Bellears wrote:
>
> > No - He wants to be notified immediately if an FTP or SSH connection is
> > established.
>
> Using snort and tailing the logfile, it doesn't get much more real
> time than that. Just modify the config files to treat all accesses as
> alerts. Use acidlab with it and you have a history of every access,
> ever.
>
Another option might be to use a PAM module. I don't know if there
already exists a suitable pam module, but if not then writing one
shouldn't be too hard. Then just add it to /etc/pam.d/ssh.

Cheers,
Simon
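One way to get the per-login notification discussed above without writing a new module, as an added example that is not part of the original message: Linux-PAM's pam_exec.so runs a command on session open and passes the login details in PAM_* environment variables. The script path, the `login-notify` syslog tag and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: hook script for pam_exec.so, which exports PAM_TYPE,
# PAM_SERVICE, PAM_USER, PAM_RHOST and PAM_TTY to the command it runs.
# Enable it in /etc/pam.d/ssh with a line such as (path is an assumption):
#   session optional pam_exec.so /usr/local/sbin/login-notify.sh
# "optional" keeps a failing notifier from locking everyone out.

# Keep only characters that are legitimate in user, host and tty names, so a
# client-influenced value (e.g. a reverse-DNS name in PAM_RHOST) cannot
# inject newlines or forged key=value pairs into the alert line.
sanitize() {
    printf '%s' "$1" | tr -cd 'A-Za-z0-9._:@/-' | cut -c1-64
}

# Print one alert line for a session being opened; print nothing for any
# other PAM event (close_session, auth, account, password).
build_alert() {
    [ "${PAM_TYPE:-}" = "open_session" ] || return 0
    printf 'login service=%s user=%s rhost=%s tty=%s\n' \
        "$(sanitize "${PAM_SERVICE:-unknown}")" \
        "$(sanitize "${PAM_USER:-unknown}")" \
        "$(sanitize "${PAM_RHOST:-local}")" \
        "$(sanitize "${PAM_TTY:-none}")"
}

# Hand the alert to syslog, where it can be tailed or forwarded to a pager
# or mail gateway. Delivery failure is swallowed so the login still proceeds.
notify() {
    msg=$(build_alert)
    [ -n "$msg" ] || return 0
    logger -p auth.notice -t login-notify -- "$msg" || true
}

# pam_exec invokes the script with the PAM_* variables set; run by hand
# without them, this is a no-op.
notify
```

The same line added to the FTP daemon's file under /etc/pam.d/ covers FTP logins, provided that daemon authenticates through PAM.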