[CentOS] Entries in /var/log/messages
Rich Huff
rich at richhuff.com
Sun Aug 21 23:30:42 UTC 2005
On Sun, 2005-08-21 at 17:03 -0500, Jerry Geis wrote:
> I have quite a few entries in /var/log/messages for connection attempts.
> Is there anything other
> than ignoring them I can do? Example is below.
>
There are a number of scripts (some Perl, some Python) out there to
monitor the log and add an entry in hosts.deny to block any further
attempts from the offending IP when too many failed password attempts
are noted. You can find them with some "googling".
I am using a modified one to stop these breakin attempts on my servers.
> Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown
> Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication failure;
> logname= uid=0 euid=0 tty=ssh ruser=
> rhost=wsip-24-234-149-156.lv.lv.cox.net
>
> THanks,
>
> Jerry
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
--
Rich Huff <rich at richhuff.com>
More information about the CentOS
mailing list