Re: stopping brute for ssh attack

On Mon, 30 Jan 2006 13:18:13 -0600, Brenda wrote:

> Is there a way to do this?

[y4kk0@X ~]$ yum info pam_abl denyhosts
Setting up repositories
Reading repository metadata in from local files
Available Packages
Name : denyhosts
Arch : noarch
Version: 1.1.4
Release: 2.fc4
Size : 68 k
Repo : extras
Summary: A script to help thwart ssh server attacks
Description:
 DenyHosts is a Python script that analyzes the sshd server log
messages to determine which hosts are attempting to hack into your
system. It also determines what user accounts are being targeted. It
keeps track of the frequency of attempts from each host and, upon
discovering a repeated attack host, updates the /etc/hosts.deny file
to prevent future break-in attempts from that host. Email reports can
be sent to a system admin.

Name : pam_abl
Arch : i386
Version: 0.2.2
Release: 2.fc4
Size : 23 k
Repo : extras
Summary: A Pluggable Authentication Module (PAM) for auto blacklisting
Description:
 Provides auto blacklisting of hosts and users responsible for repeated
failed authentication attempts. Generally configured so that
blacklisted users still see normal login prompts but are guaranteed to
fail to authenticate. A command line tool allows to query or purge the
databases used by the pam_abl module.

[y4kk0@X ~]$

Please search fedora-extrsa-list for more information (there was some
time ago discussion about these two programs).

I would also suggest changing default sshd port to something else.

-- 
http://faq.fedora.pl | http://forum.fedora.pl
http://wiki.fedora.pl/Hardware/BinarneSterowniki
http://openwengo.com/ - i Ty możesz pomóc zniszczyć niewolnego Skype'a ;)