Re: /var/btmp with ssh:nottyroot

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sat, 26 Sep 2020 18:00:39 +1000
"Michael D. Setzer II via users" <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

> Had one Fedora 32 machine that has the ssh port open.
> the /var/btmp file was showing a number of lines with the
> ssh:nottyroot line followed by various different IP addresses.
> 
> Can stop the sshd service that the btmp file stops growing.
> 
> Use to use denyhosts on systems, but it seems to have been removed.
> The old denyhost would add blocked ipaddresses to stop these sites?
> Know that root is not allowed to login ssh by default, so are these
> lines just saying attempts had been blocked. 
> 
> Have vsftpd setup to use passive ports, so blocking port 22 would not
> be a big deal. But just seeing the btmp file grow seems to show
> wasted bandwidth if not showing an issue.
> 
> Is it an issue or not??

I think not, but am not sure, since my knowledge of this is limited.
I'm also not sure why denyhosts was dropped from Fedora, so it might be
meaningless to run it if it has been replaced by another mechanism
(systemd?), but you can go here,
https://koji.fedoraproject.org/koji/buildinfo?buildID=1130378
and download the F29 rpm and install it on your system.  The version
there is the same as the latest version from upstream,
https://sourceforge.net/projects/denyhosts/files/

It might be that the upstream project is not being developed anymore,
so it was dropped from Fedora, but it could also be that the package
maintainer orphaned it and no one picked it up.

The other possibilities are that fail2ban or tcp_wrappers might have a
means of doing what you want.  Someone else here might be able to
confirm or deny that.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux