Just do the following as root:
grep sshd /var/log/messages |grep "Invalid user"| \
awk '{print $NF}'|sort|uniq -c|sort -n
As most people know, sshd attacks are very common. Also there are various
tools out there that can be used to block these attacks.
Would there be a possability to have such a thing included in 10.2?
Some scripts that are out there:
http://www.csc.liv.ac.uk/~greg/sshdfilter/
http://www.aczoom.com/cms/blockhosts
http://www.securiteam.com/tools/5JP0520G0Q.html
http://linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry
http://denyhosts.sourceforge.net/
And I am sure there are several more. I think it would help making SUSE a
bit safer and cleans up the logfiles rather nicely.
It should be something that does not run with cron, as it is to slow to
run only each minute.
--
>From the day the male foetus' hands grow long enough to grasp at their 'third
leg', until the man in question is dead and buried, the penis is a constant
source of amusement and amazement to those of the male gender.
http://www.bbc.co.uk/dna/h2g2/A219061
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
