On Sun, 2005-08-21 at 17:03 -0500, Jerry Geis wrote: > I have quite a few entries in /var/log/messages for connection attempts. > Is there anything other > than ignoring them I can do? Example is below. > There are a number of scripts (some Perl, some Python) out there to monitor the log and add an entry in hosts.deny to block any further attempts from the offending IP when too many failed password attempts are noted. You can find them with some "googling". I am using a modified one to stop these breakin attempts on my servers. > Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown > Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication failure; > logname= uid=0 euid=0 tty=ssh ruser= > rhost=wsip-24-234-149-156.lv.lv.cox.net > > THanks, > > Jerry > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos -- Rich Huff <rich at richhuff.com>