Re: [opensuse-factory] makeSUSEdvd Beta GUI testers seeked

2006-07-16 Thread houghi
On Sun, Jul 16, 2006 at 12:45:22AM +0200, Chema Ollés wrote:
> Hi Houghi:
> It works for me... ;-)
> I use SL-10.2-alpha2 with e17

Thanks for the feedback.

-- 
From the day the male foetus' hands grow long enough to grasp at their 'third 
leg', until the man in question is dead and buried, the penis is a constant 
source of amusement and amazement to those of the male gender. 
http://www.bbc.co.uk/dna/h2g2/A219061

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



[opensuse-factory] sshd attacks blocked by default request

2006-07-16 Thread houghi
Just do the following as root:
 grep sshd /var/log/messages | grep "Invalid user" | \
 awk '{print $NF}' | sort | uniq -c | sort -n

As most people know, sshd attacks are very common. Also there are various
tools out there that can be used to block these attacks.

Would there be a possibility to have such a thing included in 10.2?

Some scripts that are out there:
http://www.csc.liv.ac.uk/~greg/sshdfilter/
http://www.aczoom.com/cms/blockhosts
http://www.securiteam.com/tools/5JP0520G0Q.html
http://linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry
http://denyhosts.sourceforge.net/

And I am sure there are several more. I think it would help make SUSE a
bit safer and clean up the logfiles rather nicely.

It should be something that does not run with cron, as it is too slow to
run only each minute.
-- 
From the day the male foetus' hands grow long enough to grasp at their 'third 
leg', until the man in question is dead and buried, the penis is a constant 
source of amusement and amazement to those of the male gender. 
http://www.bbc.co.uk/dna/h2g2/A219061
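
[Added example, not part of houghi's post: the one-liner above takes the last field of the line as the address, which is the port number on sshd versions that log "from ADDRESS port N". This sketch keys on the word "from" instead; the function names and the log lines are constructed for illustration.]

```shell
#!/bin/sh
# Count sshd "Invalid user" lines per source address.
# Assumes the traditional syslog layout: month day time host program: message

# Constructed sample lines (documentation addresses, not real log data).
sample_log() {
cat <<'EOF'
Jul 16 03:12:01 host sshd[4211]: Invalid user admin from 203.0.113.7
Jul 16 03:12:03 host sshd[4213]: Invalid user test from 203.0.113.7
Jul 16 03:12:05 host sshd[4215]: Invalid user oracle from 203.0.113.7 port 51514
Jul 16 03:12:09 host sshd[4217]: Invalid user x from 192.0.2.1 from 203.0.113.7
Jul 16 03:14:40 host sshd[4300]: Invalid user guest from 198.51.100.23
Jul 16 03:15:02 host sshd[4310]: Accepted publickey for houghi from 192.0.2.10 port 40022 ssh2
Jul 16 03:15:09 host su: (to root) houghi on /dev/pts/1
EOF
}

# Reads the named log files, or stdin when none are given.
# Prints "<count> <address>", lowest count first.
count_invalid_users() {
    awk '
    $5 ~ /^sshd(\[[0-9]+\])?:$/ && /Invalid user/ {
        ip = ""
        # The user name is chosen by the remote side and may itself contain
        # "from", so search backwards and take the last "from" on the line.
        for (i = NF - 1; i > 5; i--)
            if ($i == "from") { ip = $(i + 1); break }
        # Only count fields that look like an IPv4 address.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) hits[ip]++
    }
    END { for (ip in hits) printf "%d %s\n", hits[ip], ip }' "$@" | sort -n
}

sample_log | count_invalid_users
```

On a live system the call would be count_invalid_users /var/log/messages, run as root.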




Re: [opensuse-factory] sshd attacks blocked by default request

2006-07-16 Thread houghi
On Sun, Jul 16, 2006 at 12:24:57PM +0200, houghi wrote:
> Just do the following as root:
>  grep sshd /var/log/messages | grep "Invalid user" | \
>  awk '{print $NF}' | sort | uniq -c | sort -n
>
> As most people know, sshd attacks are very common. Also there are various
> tools out there that can be used to block these attacks.
>
> Would there be a possibility to have such a thing included in 10.2?
>
> Some scripts that are out there:
> http://www.csc.liv.ac.uk/~greg/sshdfilter/
> http://www.aczoom.com/cms/blockhosts
> http://www.securiteam.com/tools/5JP0520G0Q.html
> http://linuxmafia.com/pub/linux/security/sshd_sentry/sshd_sentry
> http://denyhosts.sourceforge.net/
>
> And I am sure there are several more. I think it would help make SUSE a
> bit safer and clean up the logfiles rather nicely.
>
> It should be something that does not run with cron, as it is too slow to
> run only each minute.

If you are interested, I now use http://www.aczoom.com/cms/blockhosts as
it tests each and every time when a connection is made.

The only thing I needed to edit was to let it look at /var/log/messages
and three extra lines in /etc/hosts.allow

Strangely the RPM on the site gave an error about env not being available,
so I used the gzipped file.
-- 
From the day the male foetus' hands grow long enough to grasp at their 'third 
leg', until the man in question is dead and buried, the penis is a constant 
source of amusement and amazement to those of the male gender. 
http://www.bbc.co.uk/dna/h2g2/A219061




Re: [opensuse-factory] sshd attacks blocked by default request

2006-07-16 Thread Christian Boltz
Hello,

On Sunday, 16 July 2006 12:24, houghi wrote:
> As most people know, sshd attacks are very common. Also there are
> various tools out there that can be used to block these attacks.
[...]
> It should be something that does not run with cron, as it is too slow
> to run only each minute.

The ipt_recent module can do this job without adding a new package:
https://bugzilla.novell.com/show_bug.cgi?id=104602

The only problem with this: it will also block IPs that legally open 
more than the allowed number of SSH connections per minute - but I 
don't consider this a real problem, who needs more than 5 [1] new SSH 
connections per minute? ;-)


Regards,

Christian Boltz

[1] number is configurable, of course
-- 
The use of the database for the Bunte Mischung Deutschland is postponed
indefinitely due to the stupidity of the programmer. We apologise for
the delay and hope for your understanding!
[Andreas Schott]
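
[Added example, not from Christian Boltz's mail or the linked bug report: a simplified model of a per-source limit on new SSH connections (5 per 60 seconds, with every attempt counted), showing the side effect described above. The addresses, timestamps and function names are constructed.]

```shell
#!/bin/sh
# Model of a sliding-window limit on NEW connections per source address.
# Input lines:  "<epoch-seconds> <source-ip>", one per connection attempt,
#               in time order for each source.
# Output lines: "<ip> accepted=<n> dropped=<n>", sorted by address.
rate_limit() {
    limit=$1
    window=$2
    awk -v limit="$limit" -v window="$window" '
    {
        t = $1; ip = $2
        n = ++cnt[ip]; ts[ip, n] = t
        # Count this attempt plus earlier attempts from the same source that
        # are still inside the window. Dropped attempts count as well, so a
        # client that keeps retrying stays blocked.
        recent = 0
        for (i = n; i >= 1 && t - ts[ip, i] < window; i--) recent++
        if (recent > limit) dropped[ip]++; else accepted[ip]++
        seen[ip] = 1
    }
    END {
        for (ip in seen)
            printf "%s accepted=%d dropped=%d\n", ip, accepted[ip], dropped[ip]
    }' | sort
}

# Constructed traffic: a password guesser (203.0.113.7, 30 attempts in one
# minute), a legitimate script opening 8 sessions in 8 seconds (192.0.2.10)
# and an ordinary interactive user (198.51.100.5).
sample_connections() {
    i=0; while [ "$i" -lt 30 ]; do echo "$((1000 + i * 2)) 203.0.113.7"; i=$((i + 1)); done
    i=0; while [ "$i" -lt 8 ]; do echo "$((1005 + i)) 192.0.2.10"; i=$((i + 1)); done
    echo "1010 198.51.100.5"
    echo "1200 198.51.100.5"
}

sample_connections | rate_limit 5 60
```

The legitimate script loses 3 of its 8 connections under the same rule that stops 25 of the guesser's 30, while the interactive user is unaffected.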




Re: [opensuse-factory] sshd attacks blocked by default request

2006-07-16 Thread houghi
On Sun, Jul 16, 2006 at 03:33:18PM +0200, Christian Boltz wrote:
> Hello,
>
> On Sunday, 16 July 2006 12:24, houghi wrote:
> > As most people know, sshd attacks are very common. Also there are
> > various tools out there that can be used to block these attacks.
> [...]
> > It should be something that does not run with cron, as it is too slow
> > to run only each minute.
>
> The ipt_recent module can do this job without adding a new package:
> https://bugzilla.novell.com/show_bug.cgi?id=104602
>
> The only problem with this: it will also block IPs that legally open
> more than the allowed number of SSH connections per minute - but I
> don't consider this a real problem, who needs more than 5 [1] new SSH
> connections per minute? ;-)

Most users will indeed not need more than 5 new SSH connections per minute
from the same IP. And if they do, then most likely they have some
experience with sshd servers and should be able to figure things out
themselves after turning off ipt_recent.

I have not enough experience in these things to know whether or not
blocking IPs at that level is unwanted. Perhaps for SLED or SLES it is.
The advantage of e.g. blockhosts is that it is much easier to configure.
All you need to do is edit /etc/hosts.allow

It is always good to have alternatives to look at and then decide what is
the best way to go. What has the least disadvantages. We agree luckily that
something should be done by default when sshd is running.

Talking about sshd, is there a reason that ssh 1 is still active as well 
by default? (or has that changed?)
-- 
From the day the male foetus' hands grow long enough to grasp at their 'third 
leg', until the man in question is dead and buried, the penis is a constant 
source of amusement and amazement to those of the male gender. 
http://www.bbc.co.uk/dna/h2g2/A219061
