logsurfer

dave_at_umiacs.umd.edu
Date: 05/27/05

  • Next message: Matthew Lenz: "Re: linux firewall distro that includes LVS?"
    Date: Fri, 27 May 2005 14:09:25 -0400
    
    

    Anyone using logsurfer? I'm interested in having it detect an ssh scan
    from an IP and report when it sees more than a certain number. I've got
    the regexp working but it mails me a blank message rather than the IP
    from which the attack comes. Here's what I have:

    ' (.*) sshd\[[0-9]*\]: .* Failed password for' - - - 0
             report "/usr/bin/surfmail -r dave -S \"sshd login attempts\""
    "sshd\\[$2\\]:"

    TIA

    --
     =-=-=-=-=-=-=-=-=-=-  generated by /dev/dave -=-=-=-=-=-=-=-=-=-=-=-=
     David Stern                                    University of Maryland
               Institute for Advanced Computer Studies
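
The detection the post asks for, sketched as an added example that is not part of the original message and is not logsurfer configuration: Python that counts `Failed password` lines per source address in a sliding window and builds a report that names the address. The sample log lines, the threshold of 3 failures in 300 seconds, the supplied year and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample syslog lines (documentation address ranges), not from the post.
SAMPLE_LOG = """\
May 27 14:01:02 gw sshd[4121]: Failed password for root from 192.0.2.10 port 40112 ssh2
May 27 14:01:04 gw sshd[4123]: Failed password for invalid user admin from 192.0.2.10 port 40118 ssh2
May 27 14:01:05 gw sshd[4125]: Failed password for dave from 198.51.100.7 port 51022 ssh2
May 27 14:01:07 gw sshd[4127]: Failed password for invalid user test from 192.0.2.10 port 40125 ssh2
May 27 14:01:09 gw sshd[4130]: Accepted password for dave from 198.51.100.7 port 51030 ssh2
May 27 14:09:30 gw sshd[4190]: Failed password for root from 203.0.113.5 port 33001 ssh2
May 27 14:20:00 gw sshd[4200]: Failed password for root from 203.0.113.5 port 33002 ssh2
May 27 14:31:00 gw sshd[4210]: Failed password for root from 203.0.113.5 port 33003 ssh2
"""

# The user name is client-supplied text, so the address is anchored at the
# end of the line instead of being taken from the first "from" that appears.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for .* from (?P<ip>\S+) port \d+(?: ssh\d)?$")

def find_scanners(lines, threshold=3, window_s=300, year=2005):
    """Return {ip: [log lines]} for sources with >= threshold failures in window_s."""
    recent = defaultdict(deque)   # ip -> (timestamp, line) pairs still in the window
    alerts = {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        # Classic syslog timestamps carry no year, so one is supplied.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append((ts, line))
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()           # drop failures that aged out of the window
        if len(q) >= threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = [entry for _, entry in q]
    return alerts

def format_report(alerts):
    """Build a mail body: offending address first, then the evidence lines."""
    parts = []
    for ip, lines in alerts.items():
        parts.append(f"{len(lines)} failed sshd logins from {ip}:")
        parts.extend("  " + entry for entry in lines)
    return "\n".join(parts)

if __name__ == "__main__":
    print(format_report(find_scanners(SAMPLE_LOG.splitlines())))
```

Slow attempts spaced wider than the window, like the 203.0.113.5 lines in the sample, stay under the threshold; widening `window_s` trades that blind spot for more alerts on ordinary mistyped passwords.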
    
