Well, the answer is yes, there are, for things like email and other specific 
services. These are lists you generally pay to get access to, the reason being 
it takes a lot of constant work to maintain them.

Your best bet, though, is to run snort and possibly a console like base (just 
search "snort base"; you should find it quickly).

If you are really brave and paranoid you can also run snort "inline" in your 
firewall; however, I don't know of anyone who has ever done that in a 
production environment. Snort in inline mode links into iptables and/or a squid 
proxy and will actively drop and log anything it finds objectionable. The 
problem is, until it's tuned correctly, snort tends to find everything it sees 
objectionable.

The other thing you can do is log monitoring on a central syslog server. In 
the past Red Hat used to install logwatch on every host, resulting in a deluge of 
daily email reports which were annoying. But if you run logwatch on a central 
syslog server and you actually tune the settings, logwatch becomes your best 
friend because it will give you an easy-to-read daily report encompassing 
your entire infrastructure.


  Original Message  
From: hansel
Sent: Monday, February 9, 2015 09:57
To: SCIENTIFIC-LINUX-USERS@FNAL.GOV
Subject: Is there any data base collecting data on breakin attempts?

I accept it as normal many (upwards of several thousand) daily root 
breaking attempts. My defense is careful sshd configuration and 
restrictive incoming router firewall.

Does anyone maintain a database of consistently offending sites (maybe a 
news source, such as politico or propublica)? Initial use of whois and dig 
for a few returned familiar countries of origin, countries that may 
encourage or even sponsor some attempts.

I searched the archive for "breakin" and "failed" with and without subject 
line qualifiers (like "root") and found nothing.

Thank you.
mark hansel
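
The central log monitoring suggested in the reply above, as an added example that is not part of either message and is not logwatch's own code: a per-source tally of failed sshd password logins across hosts. The host names, addresses (documentation ranges) and log lines are constructed, and the line layout assumed is the classic syslog format with OpenSSH's "Failed password" message.

```python
import re
from collections import defaultdict

# Constructed sample of sshd lines as collected on a central syslog server.
SAMPLE_LOG = """\
Feb  9 03:12:01 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Feb  9 03:12:04 web1 sshd[2101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Feb  9 03:12:09 db1 sshd[884]: Failed password for root from 203.0.113.5 port 51810 ssh2
Feb  9 03:15:30 web1 sshd[2140]: Failed password for invalid user admin from 198.51.100.23 port 33990 ssh2
Feb  9 08:01:12 db1 sshd[901]: Accepted publickey for mark from 192.0.2.10 port 50022 ssh2
Feb  9 09:40:55 mail1 sshd[417]: Failed password for root from 198.51.100.23 port 41200 ssh2
Feb  9 09:41:00 mail1 CROND[500]: (root) CMD (run-parts /etc/cron.hourly)
"""

# The user field is supplied by the remote client and may contain spaces or
# fake "from ... port ..." text, so the greedy match plus the end anchor takes
# the source address from the end of the line, after the user name.
FAILED_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\ssshd\[\d+\]:\s"
    r"Failed password for (?P<invalid>invalid user )?(?P<user>.*) "
    r"from (?P<src>\S+) port \d+(?: ssh2)?$"
)


def summarize(log_text):
    """Tally failed password logins per source address across all hosts."""
    stats = defaultdict(lambda: {"total": 0, "root": 0, "hosts": set()})
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m is None:
            continue  # accepted logins, cron, other daemons
        entry = stats[m["src"]]
        entry["total"] += 1
        entry["hosts"].add(m["host"])
        if m["user"] == "root" and not m["invalid"]:
            entry["root"] += 1
    return dict(stats)


def multi_host_sources(stats, min_hosts=2):
    """Sources failing on several hosts, visible only with centralized logs."""
    return sorted(s for s, e in stats.items() if len(e["hosts"]) >= min_hosts)


if __name__ == "__main__":
    stats = summarize(SAMPLE_LOG)
    for src, e in sorted(stats.items(), key=lambda kv: -kv[1]["total"]):
        print(f"{src:15} failed={e['total']} root={e['root']} hosts={sorted(e['hosts'])}")
    print("multi-host:", multi_host_sources(stats))
```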
