Robert T Wyatt wrote:
[snip]
> Due to this setting in denyhosts.cfg:
>
> BLOCK_SERVICE = ALL
>
> (version 2.5)

You are right, I'm the one that singled out sshd (and didn't remember it).

[snip]
> Next, I want to see if I can use denyhosts' regex features to read my
> snort.org output; things like this:
>
> [Time 2006.11.03 14:53:46 UTC] [Facility authpriv] [Sender snort] [PID
> -1] [Message Portscan detected from 207.42.85.10 Talker(fixed: 30
> sliding: 14) Scanner(fixed: 0 sliding: 0)] [Level 1] [UID -2] [GID -2]
> [Host robert-wyatts-emac]
> [Time 2006.11.03 14:53:49 UTC] [Facility authpriv] [Sender snort] [PID
> -1] [Message Portscan detected from 207.42.85.10 Talker(fixed: 46
> sliding: 30) Scanner(fixed: 0 sliding: 0)] [Level 1] [UID -2] [GID -2]
> [Host robert-wyatts-emac]

I use fail2ban on another server because of the multiple log file scanning capability (and multiple rules to execute for each one); that way I also detect ftp break in attempts, and later perhaps others.

-- 
René Berber
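
Added example, not part of the original message and not DenyHosts or fail2ban code: a Python parser for the bracketed snort records quoted above that extracts the portscan source and counts alerts per address. The function names, the `threshold` parameter and the sshd record are assumptions made for illustration; matching only records whose Sender is snort, with the pattern anchored at the start of the Message field, keeps alert text embedded in another service's message from counting as a hit.

```python
import ipaddress
import re

# One "[Key value]" field of the bracketed log format quoted in the thread.
FIELD_RE = re.compile(r"\[(\w+) ([^\[\]]*)\]")
# Message text of a snort portscan alert, anchored at the start of the field.
PORTSCAN_RE = re.compile(
    r"^Portscan detected from (\S+) Talker\(fixed: (\d+) sliding: (\d+)\)"
)

# Two records from the thread, re-joined onto one line each (assumption: the
# real log holds one record per line), plus one constructed sshd record whose
# message merely contains the alert text.
SAMPLE_LOG = [
    "[Time 2006.11.03 14:53:46 UTC] [Facility authpriv] [Sender snort] "
    "[PID -1] [Message Portscan detected from 207.42.85.10 Talker(fixed: 30 "
    "sliding: 14) Scanner(fixed: 0 sliding: 0)] [Level 1] [UID -2] [GID -2] "
    "[Host robert-wyatts-emac]",
    "[Time 2006.11.03 14:53:49 UTC] [Facility authpriv] [Sender snort] "
    "[PID -1] [Message Portscan detected from 207.42.85.10 Talker(fixed: 46 "
    "sliding: 30) Scanner(fixed: 0 sliding: 0)] [Level 1] [UID -2] [GID -2] "
    "[Host robert-wyatts-emac]",
    "[Time 2006.11.03 14:54:02 UTC] [Facility authpriv] [Sender sshd] "
    "[PID 412] [Message Invalid user Portscan detected from 192.0.2.7 "
    "Talker(fixed: 99 sliding: 99) from 192.0.2.50] [Level 5] [UID 0] "
    "[GID 0] [Host robert-wyatts-emac]",
]

def parse_record(line):
    """Return the [Key value] fields of one record as a dict."""
    return dict(FIELD_RE.findall(line))

def portscan_sources(lines, threshold=2):
    """Map source IP -> alert count and peak Talker 'fixed' value."""
    seen = {}
    for line in lines:
        rec = parse_record(line)
        if rec.get("Sender") != "snort":
            continue  # only snort's own records count as portscan alerts
        m = PORTSCAN_RE.match(rec.get("Message", ""))
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(1)))
        except ValueError:
            continue  # not a literal address: never hand it to a block list
        entry = seen.setdefault(ip, {"alerts": 0, "peak_fixed": 0})
        entry["alerts"] += 1
        entry["peak_fixed"] = max(entry["peak_fixed"], int(m.group(2)))
    return {ip: e for ip, e in seen.items() if e["alerts"] >= threshold}

if __name__ == "__main__":
    print(portscan_sources(SAMPLE_LOG))
```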
