[plug] /var/log/secure reporting

Shannon Carver Shannon.Carver at P-S-T.COM.AU
Mon Aug 8 14:21:42 WST 2005


This is true.  On my external SSH box at work, I get x,000's of
connection attempts a day, from a whole range of IPs, with no apparent
correlation between connect attempts, source address, time of attempt,
etc.  There's nothing that can really be done about this, bar
restricting the hosts able to connect to the box to only known IPs, and
using secure passwords or keys to connect.

What I'm saying is, preventing the problem from occurring in the first
place is probably better than having an MOTD which prints out 5 pages
of failed login attempts each time you log in.



-----Original Message-----
From: plug-bounces at plug.org.au [mailto:plug-bounces at plug.org.au] On
Behalf Of Russell Steicke
Sent: Monday, 8 August 2005 11:07 AM
To: plug at plug.org.au
Subject: Re: [plug] /var/log/secure reporting

On Mon, Aug 08, 2005 at 10:46:26AM +0800, Senectus . wrote:
> I've been marvelling at the scripted login attempts of my
> router/webserver/firewall box at home and it occurred to me that if I
> could get some sort of script to post successful logins for the past
> 2 weeks as a MoTD when I ssh into it I'd feel a lot happier.
> 
> Anyone think of a simple way to do this?

You could use sysnews with a script to extract stuff from /var/log and
write to /var/lib/sysnews.  Then run news (nothing to do with usenet)
in your .bash_profile or .bash_login.  The news command will only show
you the files in /var/lib/sysnews that were created after you last
read news.

Of course, if your attacker wanders around your system and sees that
this is occurring, you may not see the log entries you're after
anyway.


-- 
Russell Steicke

-- Fortune says:
I love treason but hate a traitor.
		-- Gaius Julius Caesar
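
One way to build the extraction script suggested above, as an added example that is not part of the original thread: it summarises successful sshd logins from a syslog-format log and writes the result into a news directory. The function names, the `ssh-logins` file name and the assumed OpenSSH line layout are illustrative assumptions; it does not filter by date, so pass it the log files that cover the period you care about.

```shell
#!/bin/sh
# Added example (not from the thread): list successful sshd logins.
# Assumed line layout (OpenSSH via syslog):
#   Mon DD HH:MM:SS host sshd[pid]: Accepted <method> for <user> from <ip> port <n> ssh2

summarise_logins() {    # $1 = log file, e.g. /var/log/secure
    awk '
        # Test fixed field positions rather than grepping for "Accepted",
        # so a failed attempt for a user literally named "Accepted" is ignored.
        index($5, "sshd[") == 1 && $6 == "Accepted" && $8 == "for" && $10 == "from" {
            key = $9 " " $11 " " $7          # user, source IP, auth method
            count[key]++
            last[key] = $1 " " $2 " " $3     # timestamp of most recent login
        }
        END { for (k in count) printf "%s %d %s\n", k, count[k], last[k] }
    ' "$1" | sort
}

publish_news() {        # $1 = log file, $2 = news directory (e.g. /var/lib/sysnews)
    # Write to a temporary name first so a reader never sees a half-written file.
    tmp="$2/.ssh-logins.$$"
    summarise_logins "$1" > "$tmp" && mv "$tmp" "$2/ssh-logins"
}

sample_log() {          # constructed sample lines using documentation IP ranges
    cat <<'EOF'
Aug  8 10:01:02 gate sshd[1234]: Accepted password for alice from 192.0.2.10 port 40000 ssh2
Aug  8 10:02:00 gate sshd[1240]: Failed password for invalid user Accepted from 198.51.100.7 port 5555 ssh2
Aug  8 10:05:00 gate sshd[1300]: Accepted password for alice from 192.0.2.10 port 40022 ssh2
Aug  9 09:00:00 gate sshd[2000]: Accepted publickey for bob from 203.0.113.5 port 50000 ssh2
EOF
}

# Demo on the constructed sample: sh thisfile --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); sample_log > "$d/secure"
    summarise_logins "$d/secure"; rm -rf "$d"
fi
```

Each output line is user, source address, authentication method, login count and the time of the most recent login. Because the report is generated on the same host it describes, it carries the limitation noted above: anyone who gains access to the box can alter the log or the script.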