subject:"\[opensuse\] Re\: block failed ssh login attacks\? \(like fail2ban on ubuntu\)"

[opensuse] Re: block failed ssh login attacks? (like fail2ban on ubuntu)

2006-12-20 Thread Craig Millar

On 19/12/06 18:35 -0500, Patrick Shanahan wrote:
 * [EMAIL PROTECTED] [EMAIL PROTECTED] [12-19-06 18:19]:
  Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from
  200.222.17.14
  
  ... on an older machine, I use fail2ban to look for this kind of
  harassment and block the IP for some amount of time.
  
  Is there anything to accomplish this for SuSE?
  
 
 I use DenyHosts, http://www.denyhosts.net
 
 but there is no openSUSE rpm for installing.  I used the python
 installer provided with the tar-ball.

*unofficial* builds here:
http://ftp-1.gwdg.de/pub/opensuse/repositories/home:/countdrunkula/

rgds
Craig
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[opensuse] Re: block failed ssh login attacks? (like fail2ban on ubuntu)

2006-12-19 Thread Joachim Schrod


[EMAIL PROTECTED] wrote:

I get gobs of messages like this in /var/log/messages:

Dec 19 14:27:41 shoehorn sshd[11058]: Invalid user manager from
200.222.17.14
Dec 19 14:27:44 shoehorn sshd[11062]: Invalid user majordomo from
200.222.17.14
Dec 19 14:27:54 shoehorn sshd[11070]: Invalid user master from
200.222.17.14
Dec 19 14:28:06 shoehorn sshd[11080]: Invalid user named from
200.222.17.14
Dec 19 14:28:09 shoehorn sshd[11084]: Invalid user nasa from
200.222.17.14
Dec 19 14:28:16 shoehorn sshd[11088]: Invalid user netdump from
200.222.17.14
Dec 19 14:28:36 shoehorn sshd[11100]: Invalid user nfsnobody from
200.222.17.14
Dec 19 14:28:39 shoehorn sshd[11104]: Invalid user operator from
200.222.17.14

... on an older machine, I use fail2ban to look for this kind of
harassment and block the IP for some amount of time.

Is there anything to accomplish this for SuSE?


fail2ban.

Well, seriously, though there is no RPM package for SUSE (well, at 
least none that I know of), the fail2ban source works quite well.


Granted, it would be a very good addition to openSUSE, for a future 
release or for the build service.


Cheers,
Joachim

--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Joachim Schrod  Email: [EMAIL PROTECTED]
Roedermark, Germany

--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: [opensuse] Re: block failed ssh login attacks? (like fail2ban on ubuntu)

2006-12-19 Thread Michael Nelson

On Wed, Dec 20, 2006 at 02:13:02AM +0100, Joachim Schrod wrote:

 fail2ban.

I switched from fail2ban to denyhosts on the 30 or so Linux servers I admin.
I much prefer it.

Michael

-- 

San Francisco, CA
-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

[opensuse] Re: block failed ssh login attacks? (like fail2ban on ubuntu)

[opensuse] Re: block failed ssh login attacks? (like fail2ban on ubuntu)

Re: [opensuse] Re: block failed ssh login attacks? (like fail2ban on ubuntu)

3 matches

Site Navigation

Mail list logo

Footer information