8 Nov
2005
8 Nov
'05
01:53
On Monday 07 November 2005 4:52 pm, Dan Abernathy wrote:
Entries in /var/log/messages confirm that the shell script is indeed being run every minute, but the contents of /etc/hosts.deny hasn't changed at all, despite the presence of failed sshd log-ins (also written to /var/log/messages).
It might be an idea to have a look at the following site. BlockHosts - automatic blocking of abusive ssh hosts Script to record how many times "sshd" or "proftpd" is being attacked, and when a particular IP address exceeds a configured number of failed login attempts, that IP address is added to /etc/hosts.allow (or optionally to any other file). http://www.aczoom.com/cms/blockhosts/ -- Regards, Graham Smith