Logwatch for linode01.ovirt.org (Linux)

Karsten Wade kwade at redhat.com
Wed Sep 7 00:02:33 UTC 2011


On Mon, Sep 05, 2011 at 03:20:04AM -0400, logwatch at linode01.ovirt.org wrote:
> 
>  ################### Logwatch 7.3.6 (05/19/07) #################### 
>         Processing Initiated: Mon Sep  5 03:20:04 2011
>         Date Range Processed: yesterday
>                               ( 2011-Sep-04 )
>                               Period is day.
>       Detail Level of Output: 0
>               Type of Output: unformatted
>            Logfiles for Host: linode01.ovirt.org
>   ################################################################## 
>  
>  --------------------- pam_unix Begin ------------------------ 
> 
>  sshd:
>     Authentication Failures:
>        root (218.86.120.182): 1250 Time(s)

I think these sshd attacks are going to continue to grow, especially
after we're not just a nameless IP address being scanned but an actual
mail host.

In the past what I've done is have sshd listen on a different port,
then drop 22 at the firewall (with the other port open.) Seems to work
to reduce the logging noise and machine time to keep saying "no"
thousands of times a day.

Requires sysadmin team to remember to use the not-normal port number
(-P in 'ssh' and -p in 'scp'), which may mess with scripts and
such. Something to consider if we want to do git+ssh on this or any
host.

Just some things to think about as we watch the log traffic ...

- Karsten
-- 
name:  Karsten 'quaid' Wade, Sr. Community Gardener
team:   Red Hat Community Architecture & Leadership
uri:             http://communityleadershipteam.org
                        http://TheOpenSourceWay.org
gpg:                                       AD0E0C41
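
Added example (not part of the original message, and not Logwatch's own code): a small Python parser for the pam_unix section quoted above. It totals sshd authentication failures per source address, so the growth described in the message can be tracked across daily reports. Apart from the 218.86.120.182 line, the sample entries, the `su:` block, the function names and the threshold are constructed for illustration.

```python
import re
from collections import Counter

# One entry in a pam_unix failure block: "<user> (<source>): <N> Time(s)"
ENTRY = re.compile(r"^(?P<user>\S+) \((?P<src>[^)]+)\): (?P<n>\d+) Time\(s\)$")

# Constructed sample in mail-quoted form; only the first entry is from the report.
SAMPLE = """\
>  --------------------- pam_unix Begin ------------------------
>  sshd:
>     Authentication Failures:
>        root (218.86.120.182): 1250 Time(s)
>        unknown (192.0.2.15): 40 Time(s)
>        root (203.0.113.9): 120 Time(s)
>        unknown (203.0.113.9): 30 Time(s)
>     Invalid Users:
>        Unknown Account: 70 Time(s)
>  su:
>     Authentication Failures:
>        admin (localhost): 3 Time(s)
"""

def parse_auth_failures(report, service="sshd"):
    """Return [(user, source, count)] from one service's Authentication Failures block."""
    rows, svc_indent, in_block = [], None, False
    for raw in report.splitlines():
        body = re.sub(r"^(?:> ?)+", "", raw).rstrip()   # drop mail quoting
        text = body.strip()
        indent = len(body) - len(body.lstrip())
        if text.startswith("-----"):                    # section banner resets state
            svc_indent, in_block = None, False
        elif text.endswith(":"):                        # service or sub-block heading
            if text == service + ":":
                svc_indent, in_block = indent, False
            elif svc_indent is not None and indent > svc_indent:
                in_block = text == "Authentication Failures:"
            else:                                       # heading of another service
                svc_indent, in_block = None, False
        elif in_block and (m := ENTRY.match(text)):
            rows.append((m["user"], m["src"], int(m["n"])))
    return rows

def noisy_sources(rows, threshold=100):
    """Sum failures per source address; return those at or above the threshold."""
    totals = Counter()
    for _user, src, n in rows:
        totals[src] += n
    return [(s, c) for s, c in totals.most_common() if c >= threshold]
```

Calling `noisy_sources(parse_auth_failures(report_text))` on each day's report gives a per-source total that can be compared before and after a change such as the port move.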