[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSH monitoring



CHAT KHODA wrote:

Dear friends,
I wish to :

1- Monitor all of the connections (or tries) to my SSH
port including the source IP address.

permit() {
    # I want to log just the startup of the conversation
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j LOG --syn \
        --log-level info --log-prefix "iptables permit: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j ACCEPT
}


# Deny these sites access to my machine
deny() {
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j LOG \
        --log-level alert --log-prefix "iptables deny: " \
        --log-ip-options
    /sbin/iptables -A INPUT -s ${1} -p tcp --dport 22 -j DROP
}


# =[ Flush the tables completely ]============================================
/sbin/iptables -F

# =[ Permit list ]============================================================
#permit 127.0.0.0/8             # Local stuff
permit 10.0.0.0/8               # Local stuff
permit 172.16.0.0/12            # Local stuff
permit 192.168.0.0/16           # Local stuff

# =[ Deny list ]==============================================================
deny 0.0.0.0/0          # Deny everyone else

The logging part is probably what you want most but the above may
prove to be useful.

2- Limit the number of unsuccessful attempts to login
to just two attempts per session.

Take a look at pam_abl ( http://www.hexten.net/pam_abl/ ). Now that I use the above I've had no incidents of needing pam_abl. That doesn't mean I won't.

--
Linux Home Automation         Neil Cherry       ncherry comcast net
http://home.comcast.net/~ncherry/               (Text only)
http://hcs.sourceforge.net/                     (HCS II)
http://linuxha.blogspot.com/                    My HA Blog
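The permit()/deny() rules above answer the first question by writing one kernel LOG line per SSH packet that hits port 22, with the source address in the SRC= field. The script below is an added example (not part of the post or the poster's setup) that turns those log lines into a per-source summary, the part a defender actually reads. It assumes the standard kernel LOG line layout (SRC=... PROTO=TCP ... DPT=22 ...) and the exact prefixes "iptables permit: " and "iptables deny: " from the post; the sample syslog text is constructed, not captured traffic.

```shell
#!/bin/sh
# Added example, not from the original post: summarise the iptables LOG
# lines produced by the permit()/deny() rules so that "who is knocking on
# port 22, and how often" can be read off /var/log/messages or similar.
# Assumes the stock kernel LOG format and the post's --log-prefix strings.

# Constructed sample syslog text (not real traffic). Note that deny() has no
# --syn, so it logs every packet, while permit() logs only the SYN; deny
# counts are therefore packets, permit counts are connection attempts.
SAMPLE_LOG='Mar  3 10:01:02 host kernel: iptables permit: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=192.168.1.20 DST=192.168.1.10 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=1234 DF PROTO=TCP SPT=51000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:02:15 host kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2001 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:02:16 host kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2002 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:02:19 host kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=2003 DF PROTO=TCP SPT=40001 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:03:40 host kernel: iptables permit: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3001 DF PROTO=TCP SPT=52000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar  3 10:04:02 host kernel: eth0: link is up, 1000 Mbps full duplex
Mar  3 10:05:11 host kernel: iptables deny: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=198.51.100.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=4001 DF PROTO=TCP SPT=33000 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Mar  3 10:06:30 host kernel: iptables permit: IN=eth0 OUT= MAC=00:11:22:33:44:55:00:aa:bb:cc:dd:ee:08:00 SRC=10.0.0.5 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=3002 DF PROTO=TCP SPT=52001 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0'

# Read syslog text on stdin; print "<count> <verdict> <source>" per line,
# busiest source first (ties broken by verdict, then address).
ssh_attempts_by_source() {
    LC_ALL=C awk '
        /kernel: iptables (permit|deny): / && / DPT=22 / {
            verdict = ($0 ~ /iptables permit: /) ? "permit" : "deny"
            src = ""
            for (i = 1; i <= NF; i++)
                if ($i ~ /^SRC=/) src = substr($i, 5)
            if (src != "") count[verdict " " src]++
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Read syslog text on stdin; print only denied sources seen at least $1
# times, one per line (a candidate list for closer inspection).
ssh_noisy_deny_sources() {
    threshold="$1"
    ssh_attempts_by_source | awk -v t="$threshold" '$2 == "deny" && $1 >= t { print $3 }'
}

# Stand-alone run over the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | ssh_attempts_by_source
```

On a real box you would feed it `grep 'iptables ' /var/log/messages` instead of the sample. One caveat worth knowing before pointing deny 0.0.0.0/0 at the Internet: the deny() LOG rule has no --syn and no rate limit, so a single noisy scanner produces one log line per packet; adding `-m limit` to that LOG rule keeps the log readable without changing what gets dropped.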

