I know some of the more experienced people on the list know this, so bear with me. FYI- This will prevent direct remote login from root, by changing the sshd_config file. Add the line: PermitRootLogin no Anyone with a shell account on the system can still attempt su or sudo, but, su and sudo can also be limited to certain users, see the url below for the "how-to". http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-privileges.html I know this is a pia, but it will _help_ to keep your box(es) from getting hacked! -Steve >>> halln@xxxxxxx 8/3/2004 12:22:50 >>> Hi all. I have been monitoring our logs over the past several weeks using logwatch and have noticed several of these entries (known entries omitted): sshd: Invalid Users: Unknown Account: 5 Time(s) Authentication Failures: test (server.bes1.com ): 2 Time(s) root (server.bes1.com ): 3 Time(s) unknown (server.bes1.com ): 4 Time(s) The source addresses vary. I always see the same accounts from different addresses with a different number of tries. When I see these, there is only one source, never a mix of sources. The next day, it might be a different source, but it is the only one. Is anybody else seeing this in their logs where I shouldn't be as worried or is this directed at us? ~~~~~~~~~~~~~~~~~~~~~~~~~~ Nathaniel Hall Intrusion Detection and Firewall Technician Ozarks Technical Community College -- Office of Computer Networking halln@xxxxxxx 417-799-0552 -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
