Hi,
You can start by checking the log files.
I do not know if this can help, but in my particular
case I installed Python and I run DenyHosts as a
daemon, and that automates the tasks of detecting
and preventing attacks.
DenyHosts checks the log files and, if there is an
attempt to brute force, it places a line in
/etc/hosts.deny.
So some services running under tcpwrap can be very
simply "controlled" in this manner.
Also of great importance is to use in the sshd config
the directives AllowUsers and DenyUsers.
The "usual" targets are the very well-known system users
like wwwrun, tomcat, root and so on.
Those should be prevented from an external login.
But of course your solution depends a bit on what is
the purpose of that precise brute force monitoring ...
and exact service you are monitoring ...
Regards,
Pedro Coelho
--- Shashi Kanth Boddula
Hi All,
I am looking for a good tool to detect brute-force and dictionary attacks on user accounts on a Linux system. The tool should also have the intelligence to differentiate between user mistakes and actual brute-force/dictionary attacks and reduce the false positives. SLES9/SLES10 included security tools are not helping in this case. The seccheck package functionality is also not matching my requirement.
Please, does anyone know of any third-party security tool or any open-source security tool which solves my problem?
Thanks & Regards, Shashi Kanth, CISSP
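
Added example, not part of the original messages and not DenyHosts' own code: a small log check in the spirit of what the reply describes, scoring failed sshd logins per source address and producing /etc/hosts.deny lines. The thresholds, the double weight for system or invalid accounts, and the sample log lines are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample sshd log lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[101]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Mar  3 10:00:09 host sshd[101]: Failed password for alice from 192.0.2.10 port 40001 ssh2
Mar  3 10:00:15 host sshd[101]: Accepted password for alice from 192.0.2.10 port 40001 ssh2
Mar  3 10:01:00 host sshd[102]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  3 10:01:01 host sshd[103]: Failed password for invalid user tomcat from 203.0.113.7 port 51001 ssh2
Mar  3 10:01:02 host sshd[104]: Failed password for wwwrun from 203.0.113.7 port 51002 ssh2
"""

# Anchored to the end of the line so the address is the one sshd appended,
# not text taken from the (client-supplied) username field.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) from (\S+) port \d+ ssh2$")
SYSTEM_USERS = {"root", "wwwrun", "tomcat"}  # the "usual" targets named in the thread

def classify(log_text, max_score=5, max_users=2):
    """Return {ip: "attack" | "likely_mistake"} for every source with failures.

    Assumed heuristic: a failure counts 1, or 2 when it targets a system or
    nonexistent account; many distinct usernames from one source is an attack.
    Successful logins are ignored here.
    """
    stats = defaultdict(lambda: {"score": 0, "users": set()})
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, ip = m.groups()
        try:
            ipaddress.ip_address(ip)  # never write an unvalidated token to hosts.deny
        except ValueError:
            continue
        s = stats[ip]
        s["users"].add(user)
        s["score"] += 2 if (invalid or user in SYSTEM_USERS) else 1
    return {ip: "attack" if s["score"] >= max_score or len(s["users"]) > max_users
            else "likely_mistake" for ip, s in stats.items()}

def hosts_deny_lines(verdicts):
    """Format attacking sources as tcp-wrappers entries for /etc/hosts.deny."""
    return [f"sshd: {ip}" for ip, v in sorted(verdicts.items()) if v == "attack"]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(classify(SAMPLE_LOG))))
```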