Brian K. White wrote:
OK!
cd /etc
ln -s /usr/bin/mplayer nologin
Now for a little fun.... ;-)
That file is used by more than just sshd. It's a generic sort of file that many *ix OSes use, sometimes just by a few lines in /etc/profile, meaning you have already logged in to some daemon or other by the time /etc/nologin comes into play. sshd does read it a little earlier than that though.
I would NOT do the above symlink or put anything but text into that file. Also, usually, root is still allowed to log in even when there is a /etc/nologin. (unless the daemon in question has other config which disables direct root login, such as /etc/securetty for telnetd, and sshd_config for ssh, etc...)
It's not the place to play that kind of game. Really. I.e.: more likely to crash your own daemons than bother any hackers. The RBL approach sounds great. Automatically report any IPs that the filter gets triggered into blocking. Now if that would go a bit further to where it bothers the admins of ISPs that provide the offending IPs...
Brian,

Of course you are correct. However, I was being a bit more facetious than serious. More a Tom Sawyer/Huck Finn daydream than an actual plan. My choice of mplayer was just a bit more embellishment, the icing on the cake, if you will. I asked myself what would be one of the biggest binaries I could send (other than video or the openSUSE DVD itself), so I just sorted /usr/bin by size and mplayer was among the top, widely recognized -- just right.

Then I just grinned and imagined the frantic WTF??, ctrl+c, ctrl+c, alt+->, login, killall ssh, etc..... or, if it is just an automated dictionary attack, would it just hang with gibberish spewing all over the terminal...

Either way, it was a pleasant thought ;-)

--
David C. Rankin, J.D.,P.E. | openSoftware und SystemEntwicklung
Rankin Law Firm, PLLC | Countdown for openSuSE 11.1
www.rankinlawfirm.com | http://counter.opensuse.org/11.1/small