On Tue, 22 Jul 2008 16:34:54 +0200
Rudi Ahlers <Rudi@xxxxxxxxxxx> wrote:
> Bowie Bailey wrote:
> > Bo Lynch wrote:
> >
> >> just wanted to get some feedback from the community. Over the last
> >> few days I have noticed my web server and email box have attempted
> >> to ssh'd to using weird names like admin,appuser,nobody,etc....
> >> None of these are valid users. I know that I can block sshd all
> >> together with iptables but that will not work for us. I did a
> >> little research on google and found programs like sshguard and
> >> sshdfilter. Just wanted to know if anyone had any experience with
> >> anything like these programs or have any other advice. I really
> >> appreciate it.
> >
> > The simplest thing is to change the port. I know it's "security
> > through obscurity", but it works well and can be used along with
> > whatever other security enhancements you care to use.
> >
> >
> By changing the ports on all our servers to a high (above 1024) port,
> we have eliminated SSH scans altogether - been running like that for
> a few years now without any problems.
>
> I also add a small script in /etc/profile to email me when someone
> logs in via SSH, since only a few privileged ppl should use SSH
> altogether
>
Interesting idea with this script thing. Can you provide more details or
the script?
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
