Nice tool. I will use it. Thanks
2009/7/10 Aleksander Podsiadly <a...@westside.kielce.pl>:
> On 09.07.2009 23:28, nightduke wrote:
> > I don't understand, can you explain?
> > Thanks
> > > 2009/7/9 Aleksander Podsiadly <a...@westside.kielce.pl>:
> > > On 07.07.2009 00:36, Jake Vickers wrote:
> > > *Those* types of attacks can be handled with fail2ban.
> > > And with ossec-hids.
>
> --
> Regards,
> Aleksander Podsiadły
>
> ---------------------------------------------------------------------------------
> Qmailtoaster is sponsored by Vickers Consulting Group
> (www.vickersconsulting.com)
> Vickers Consulting Group offers Qmailtoaster support and installations.
> If you need professional help with your setup, contact them today!
> ---------------------------------------------------------------------------------
> Please visit qmailtoaster.com for the latest news, updates, and packages.
> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>
> OSSEC is an intrusion detection system. It performs log analysis, for
> example maillog. It can alert you and allows you to automatically execute
> commands when a specific event is triggered. It's scalable, you can write
> your own rules.
> Project site: http://www.ossec.net/
>
> Real examples, 2 alerts when I was writing this post:
> 8<--
>
> OSSEC HIDS Notification.
> 2009 Jul 10 07:49:10
>
> Received From: (opatow) xxx.xxx.xxx.xxx->/var/log/secure
>
> Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
> Portion of the log(s):
>
> Jul 10 07:49:21 srv sshd[25153]: Invalid user oracle from 211.219.166.235
> Jul 10 07:49:18 srv sshd[25151]: Invalid user bind from 211.219.166.235
> Jul 10 07:48:55 srv sshd[29527]: Invalid user oracle from ::ffff:211.219.166.235
> Jul 10 07:48:52 srv sshd[29525]: Invalid user bind from ::ffff:211.219.166.235
> Jul 10 07:48:38 srv sshd[25080]: Invalid user oracle from 211.219.166.235
> Jul 10 07:48:28 srv sshd[25074]: Invalid user sami from 211.219.166.235
> Jul 10 07:48:10 srv sshd[29499]: Invalid user oracle from ::ffff:211.219.166.235
>
> --END OF NOTIFICATION
>
> OSSEC HIDS Notification.
> 2009 Jul 10 07:51:45
>
> Received From: (jedrzejow) yyy.yyy.yyy.yyy->/var/log/secure
> Rule: 5712 fired (level 10) -> "SSHD brute force trying to get access to the system."
> Portion of the log(s):
>
> Jul 10 07:51:43 srv sshd[29640]: Invalid user nagios from ::ffff:211.219.166.235
> Jul 10 07:51:40 srv sshd[29638]: Invalid user nagios from ::ffff:211.219.166.235
> Jul 10 07:51:37 srv sshd[29636]: Invalid user nagios from ::ffff:211.219.166.235
> Jul 10 07:51:34 srv sshd[29634]: Invalid user nagios from ::ffff:211.219.166.235
> Jul 10 07:51:02 srv sshd[29614]: Invalid user test from ::ffff:211.219.166.235
> Jul 10 07:50:40 srv sshd[29600]: Invalid user mythtv from ::ffff:211.219.166.235
> Jul 10 07:50:25 srv sshd[29590]: Invalid user cgi-bin from ::ffff:211.219.166.235
>
> --END OF NOTIFICATION
>
> 8<-- EOT
>
> These 2 hosts are blocked for 10 minutes and my logs are shorter. :)
>
> --
> Regards,
> Aleksander Podsiadły
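
Added example, not part of the thread and not OSSEC's own code: a Python version of the kind of per-source frequency check behind the "SSHD brute force" alerts quoted above, folding the ::ffff: form of an address into plain IPv4 so both spellings count as one source. The threshold and window are assumed values, the 10-minute block is the figure from the post, and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address

# Assumed tuning for illustration, not OSSEC's shipped values for rule 5712.
THRESHOLD, WINDOW = 6, timedelta(seconds=120)  # events per source per window
BLOCK_FOR = timedelta(minutes=10)              # block duration from the post
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: "
                  r"Invalid user (\S+) from (\S+)$")

def source_ip(raw):
    """Fold IPv4-mapped IPv6 (::ffff:a.b.c.d) into plain IPv4."""
    addr = ip_address(raw)
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def detect(lines, year=2009):
    """Return {ip: (blocked_at, unblock_at)} for sources over the threshold."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:  # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, source_ip(m.group(3))))
    recent, blocks = defaultdict(deque), {}
    for ts, ip in sorted(events):  # alert excerpts list newest first
        if ip in blocks and ts < blocks[ip][1]:
            continue               # source is already blocked
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > WINDOW:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= THRESHOLD:
            blocks[ip] = (ts, ts + BLOCK_FOR)
    return blocks

SAMPLE = """\
Jul 10 07:49:30 srv sshd[108]: Invalid user test from 198.51.100.7
Jul 10 07:49:21 srv sshd[107]: Invalid user oracle from 192.0.2.10
Jul 10 07:49:18 srv sshd[106]: Invalid user bind from 192.0.2.10
Jul 10 07:48:55 srv sshd[105]: Invalid user oracle from ::ffff:192.0.2.10
Jul 10 07:48:52 srv sshd[104]: Invalid user bind from ::ffff:192.0.2.10
Jul 10 07:48:38 srv sshd[103]: Invalid user oracle from 192.0.2.10
Jul 10 07:48:28 srv sshd[102]: Invalid user sami from 192.0.2.10
Jul 10 07:48:10 srv sshd[101]: Invalid user oracle from ::ffff:192.0.2.10
"""  # constructed lines in the post's sshd format, documentation addresses

if __name__ == "__main__":
    print(detect(SAMPLE.splitlines()))
```

Without the folding step the same sample splits into four events for the plain address and three for the ::ffff: form, and neither reaches the threshold.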