Re: intrusion?



"Paweł B." <botul1979@xxxxx> wrote:

gtu2003@xxxxxxxx pisze:

Thank you very much. Someone know a simple script that do the follow:
* watch in the logs
* if there is a lot of invalid access from an Ip it block only this ip for an hour

You can try fail2ban.

Good way to improve security is move ssh to high port, and drop
request on port 22.

That doesn't improve security that much but at least keeps the
dumb script kiddies out and avoids cluttering your log files.

To improve security disable password authentication if that's possible
in your environment.


Florian
--
<http://www.florian-diesch.de/>
-----------------------------------------------------------------------
** Hi! I'm a signature virus! Copy me into your signature, please! **
-----------------------------------------------------------------------
.



Relevant Pages

  • Re: Tools to Analyse Logs in Checkpoint NG
    ... Is it only for checking security events in FW1 logs? ... I say that because if you take an analyse console which is completly written ... I did some script in PERL ...
    (Security-Basics)
  • SUMMARY WAS: OT? Philosophical Question on SA responsibilities
    ... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
    (SunManagers)
  • Re: Clarification-Win2k Netstat sockets interpretation
    ... snip.. ... Before I could manually download every security upate and servicepack from MS.com but now...they send you a bit of Cop-code that fails to run unless ALL defences are down ... Are you sure the script from ntsvcfg is benign in addition to being useful? ... You are absolutely correct there HAL, er ah, Sebastian. ...
    (alt.computer.security)
  • [NT] Flaw in Windows Script Engine Could Allow Code Execution
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Script Engine provides Windows operating systems with the ... blocked by Outlook Express 6.0 and Outlook 2002 in their default ...
    (Securiteam)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... I consider JavaScript (known to security people as JavaVirus) as one of the Really Top ... to have a bad script cause damage to my machine. ... This security feature is called the "Local Machine Zone Lockdown". ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)