Another thing that works is to also set the root shell to /sbin/nologin,
then log in under another account and use sudo. Yes, another PIA, but
that also prevents access.
-Bob
Steve Kozakoff wrote:
I know some of the more experienced people on the list know this, so
bear with me.
FYI-
This will prevent direct remote login from root, by changing the
sshd_config file. Add the line:
PermitRootLogin no
Anyone with a shell account on the system can still attempt su or sudo,
but su and sudo can also be limited to certain users; see the URL below
for the "how-to".
http://www.redhat.com/docs/manuals/linux/RHL-8.0-Manual/security-guide/s1-wstation-privileges.html
I know this is a pia, but it will _help_ to keep your box(es) from
getting hacked!
-Steve
halln@xxxxxxx 8/3/2004 12:22:50 >>>
Hi all.
I have been monitoring our logs over the past several weeks using
logwatch and have noticed several of these entries (known entries
omitted):
sshd:
Invalid Users:
Unknown Account: 5 Time(s)
Authentication Failures:
test (server.bes1.com ): 2 Time(s)
root (server.bes1.com ): 3 Time(s)
unknown (server.bes1.com ): 4 Time(s)
The source addresses vary. I always see the same accounts from different
addresses with a different number of tries. When I see these, there is
only one source, never a mix of sources. The next day, it might be a
different source, but it is the only one.
Is anybody else seeing this in their logs where I shouldn't be as
worried or is this directed at us?
~~~~~~~~~~~~~~~~~~~~~~~~~~
Nathaniel Hall
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln@xxxxxxx
417-799-0552
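
An added example, not part of any message in this thread: a Python script that groups sshd "Failed password" lines by day and source address and flags sources that tried several different accounts in one day, the pattern the original question describes. The log lines are constructed samples and the function names are illustrative assumptions.

```python
import re
from collections import defaultdict

# OpenSSH "Failed password" lines. Older releases log "illegal user" and newer
# ones "invalid user" when the account does not exist.
FAILED = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: Failed password for "
    r"(?P<unknown>(?:invalid|illegal) user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)

# Constructed sample log (documentation addresses), not data from the thread.
SAMPLE = """\
Aug  3 02:14:07 server sshd[4101]: Failed password for illegal user test from 192.0.2.10 port 40112 ssh2
Aug  3 02:14:09 server sshd[4103]: Failed password for illegal user test from 192.0.2.10 port 40113 ssh2
Aug  3 02:14:12 server sshd[4105]: Failed password for root from 192.0.2.10 port 40114 ssh2
Aug  3 02:14:15 server sshd[4107]: Failed password for root from 192.0.2.10 port 40115 ssh2
Aug  3 09:30:41 server sshd[4390]: Failed password for alice from 203.0.113.5 port 51022 ssh2
Aug  3 09:30:52 server sshd[4390]: Accepted password for alice from 203.0.113.5 port 51022 ssh2
Aug  4 03:41:20 server sshd[5012]: Failed password for illegal user test from 198.51.100.7 port 33870 ssh2
Aug  4 03:41:23 server sshd[5014]: Failed password for root from 198.51.100.7 port 33871 ssh2
""".splitlines()


def summarize(lines):
    """Group failed logins by (day, source): attempts and accounts tried."""
    stats = defaultdict(lambda: {"attempts": 0, "users": set(), "unknown": set()})
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        day = " ".join(m["day"].split())  # normalise "Aug  3" to "Aug 3"
        entry = stats[(day, m["src"])]
        entry["attempts"] += 1
        entry["users"].add(m["user"])
        if m["unknown"]:
            entry["unknown"].add(m["user"])  # account does not exist locally
    return dict(stats)


def dictionary_sources(stats, min_users=2):
    """(day, source) pairs that tried at least min_users distinct accounts."""
    return sorted(k for k, e in stats.items() if len(e["users"]) >= min_users)


if __name__ == "__main__":
    for day, src in dictionary_sources(summarize(SAMPLE)):
        print(day, src)
```

A single mistyped password from a real user (the constructed `alice` line) stays below the threshold, while each scanning source is reported once per day.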