Re: Repeated attacks via SSH
<<On Mon, 03 Oct 2005 13:00:33 +0200, Clemens Renner <claim@rinux.net> said:
> Failed password for illegal user qscand from 217.20.119.212 port 50657 ssh2
I modified my version of /etc/periodic/security/800.loginfail to
filter out all the "illegal user" messages from sshd; otherwise I
would be getting about 24,000 lines of crap a night in my security
report (3,000 attempts per host times eight hosts). Since all of the
machines I care about have very limited access, I don't lose anything
by not overwhelming my security mail with unimportant failures.
I also aggressively use AllowUsers/AllowGroups in sshd_config to limit
exposure even more. (That way, I don't have to see all the failures
for "www" and "pgsql" as well.)
-GAWollman
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
討論串 (同標題文章)
完整討論串 (本文為第 21 之 23 篇):