On Sat, 26 Sep 2020 18:00:39 +1000 "Michael D. Setzer II via users" <users@xxxxxxxxxxxxxxxxxxxxxxx> wrote: > Had one Fedora 32 machine that has the ssh port open. > the /var/btmp file was showing a number of lines with the > ssh:nottyroot line followed by various different IP addresses. > > Can stop the sshd service that the btmp file stops growing. > > Use to use denyhosts on systems, but it seems to have been removed. > The old denyhost would add blocked ipaddresses to stop these sites? > Know that root is not allowed to login ssh by default, so are these > lines just saying attempts had been blocked. > > Have vsftpd setup to use passive ports, so blocking port 22 would not > be a big deal. But just seeing the btmp file grow seems to show > wasted bandwidth if not showing an issue. > > Is it an issue or not?? I think not, but am not sure, since my knowledge of this is limited. I'm also not sure why denyhosts was dropped from Fedora, so it might be meaningless to run it if it has been replaced by another mechanism (systemd?), but you can go here, https://koji.fedoraproject.org/koji/buildinfo?buildID=1130378 and download the F29 rpm and install it on your system. The version there is the same as the latest version from upstream, https://sourceforge.net/projects/denyhosts/files/ It might be that the upstream project is not being developed anymore, so it was dropped from Fedora, but it could also be that the package maintainer orphaned it and no one picked it up. The other possibilities are that fail2ban or tcp_wrappers might have a means of doing what you want. Someone else here might be able to confirm or deny that. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx