
On Mon, Sep 05, 2011 at 03:20:04AM -0400, logwatch@linode01.ovirt.org wrote:

################### Logwatch 7.3.6 (05/19/07) ####################
Processing Initiated: Mon Sep 5 03:20:04 2011
Date Range Processed: yesterday ( 2011-Sep-04 ) Period is day.
Detail Level of Output: 0
Type of Output: unformatted
Logfiles for Host: linode01.ovirt.org
##################################################################

--------------------- pam_unix Begin ------------------------

sshd:
   Authentication Failures:
      root (218.86.120.182): 1250 Time(s)

I think these sshd attacks are going to continue to grow, especially after we're not just a nameless IP address being scanned but an actual mail host.

In the past what I've done is have sshd listen on a different port, then drop 22 at the firewall (with the other port open.) Seems to work to reduce the logging noise and machine time to keep saying "no" thousands of times a day. Requires sysadmin team to remember to use the not-normal port number (-P in 'ssh' and -p in 'scp'), which may mess with scripts and such.

Something to consider if we want to do git+ssh on this or any host.

Just some things to think about as we watch the log traffic ...

- Karsten
-- 
name: Karsten 'quaid' Wade, Sr. Community Gardener
team: Red Hat Community Architecture & Leadership
uri: http://communityleadershipteam.org http://TheOpenSourceWay.org
gpg: AD0E0C41
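
Added example, not part of the original message: a small Python parser for the logwatch pam_unix section quoted above, totalling sshd authentication failures per source so the daily noise can be compared before and after a change such as the port move. The function names, the threshold and every sample entry other than the one quoted in the report are assumptions made for the illustration.

```python
import re
from collections import Counter

# One entry in logwatch's pam_unix section: "user (source): N Time(s)"
ENTRY = re.compile(r"(\S+) \(([^)\s]+)\): (\d+) Time\(s\)")
# The sshd "Authentication Failures" block and the run of entries under it.
# \s* between tokens lets this match both the normal multi-line report and
# one that has been flattened onto a single line by a mail archive.
FAIL_BLOCK = re.compile(
    r"sshd:\s*Authentication Failures:\s*((?:\S+ \([^)\s]+\): \d+ Time\(s\)\s*)+)"
)

def parse_sshd_failures(report):
    """Return [(user, source, count), ...] for sshd authentication failures."""
    block = FAIL_BLOCK.search(report)
    if block is None:
        return []
    return [(u, src, int(n)) for u, src, n in ENTRY.findall(block.group(1))]

def noisy_sources(report, threshold=100):
    """Total failures per source, keeping only sources at or above threshold."""
    totals = Counter()
    for _user, src, n in parse_sshd_failures(report):
        totals[src] += n
    return {src: n for src, n in totals.most_common() if n >= threshold}

# Constructed sample: the first entry is the one quoted in the message; the
# other entries use documentation addresses and are made up for the example.
SAMPLE = """\
 --------------------- pam_unix Begin ------------------------

 sshd:
    Authentication Failures:
       root (218.86.120.182): 1250 Time(s)
       unknown (192.0.2.10): 60 Time(s)
       root (192.0.2.10): 55 Time(s)
       unknown (198.51.100.7): 3 Time(s)

 su:
    Sessions Opened:
       root -> nobody: 2 Time(s)
"""

if __name__ == "__main__":
    for src, n in noisy_sources(SAMPLE).items():
        print(f"{src}\t{n}")
```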