If they never are able to successfully login then it won't matter if you display it in a banner page as they already know that IP address's are logged in the btmp and the wtmp logs. Here are things to do from a liability stand point: 1 - Have a warning banner enabled at log in. It is very easy to do and I have attached one. Just put in /etc and name it issue and make sure it has permission 444 set. 2 - make sure /var/log/btmp exists if not create the file. Whenever a failed attempt happens either by local, ssh or whatever connection just do a lastb and it logs it by, id - ipaddress and date/time. 3 - Continue to call theplanet.com on the number listed on their website if they fail to respond I would contact your local police if you belive this to be a hacker attempt. Albert Smith Sr. Unix Systems Administrator HPCSA, RHCT Genex Services 440 E. Swedesford Rd. Wayne, PA 19087 albert.smith@xxxxxxxxxxxxxxxxx (610) 964-5154 > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Burke, Thomas G. > Sent: Wednesday, April 27, 2005 11:39 AM > To: golharam@xxxxxxxxx; General Red Hat Linux discussion list > Subject: RE: How to display IP of ssh user in message? > > Probably won't matter, as most of them are scripts... > > -Tom > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Ryan Golhar > Sent: Friday, April 15, 2005 11:28 AM > To: Burke, Thomas G.; 'General Red Hat Linux discussion list' > Subject: RE: How to display IP of ssh user in message? > > > > My message might have been a bit confusing. When a user logs > in via ssh, a message can be displayed. I forget what file > this is in. I want to add their IP address to the message so > they know that we know where they are coming from... > > > > -----Original Message----- > From: Burke, Thomas G. [ mailto:tg.burke@xxxxxxx] > Sent: Friday, April 15, 2005 11:15 AM > To: golharam@xxxxxxxxx; General Red Hat Linux discussion list > Subject: RE: How to display IP of ssh user in message? > > > > This data shows up in one of the other logs - not sure which > off the top > of my head, tho. > > -Tom > > -----Original Message----- > From: redhat-list-bounces@xxxxxxxxxx > [ mailto:redhat-list-bounces@xxxxxxxxxx]On Behalf Of Ryan Golhar > Sent: Friday, April 15, 2005 11:02 AM > To: 'General Red Hat Linux discussion list' > Subject: How to display IP of ssh user in message? > > > > Hi all, > > I notice in our logs that we get a large amount of failed attempts to > log in. Short of blocking these domains using iptables, I > was wondering > > if there is a way to display the IP address of the user > logging in, in a > > message so they know we have their IP address? > > sshd: > Invalid Users: > Unknown Account: 602 Time(s) > Authentication Failures: > xfs (138.67-18-71.reverse.theplanet.com ): 1 Time(s) > root (nitrogen.umdnj.edu ): 1 Time(s) > root (138.67-18-71.reverse.theplanet.com ): 1 Time(s) > unknown (138.67-18-71.reverse.theplanet.com ): 595 Time(s) > unknown (218.153.147.92 ): 6 Time(s) > daemon (138.67-18-71.reverse.theplanet.com ): 1 Time(s) > root (218.153.147.92 ): 3 Time(s) > rpc (138.67-18-71.reverse.theplanet.com ): 1 Time(s) > unknown (10.136.16.244 ): 1 Time(s) > smmsp (138.67-18-71.reverse.theplanet.com ): 1 Time(s) > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=subscribe > https://www.redhat.com/mailman/listinfo/redhat-list > >
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
