Re: [tlug] Login/SSH Scan Detection

["A.Sajjad Zaidi" <sajjad@example.com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ended up writing a bash script using grep and sed which sleeps for a few
seconds and reads in the log file, but is efficient enough.

It sends the 'sed'ed, readable output to a keitai, if there is any
logging by sshd. It could be annoying (until blocked) if someone tries
to be funny, but will do for now.

Thanks for the suggestions.

- -- 
A. Sajjad Zaidi
System Administrator
Technology & Operations Div.
Digital Garage Inc.


On Mon, Feb 18, 2002 at 05:29:03PM +0900, Matt Doughty wrote:
> Never mind that suggestion since it won't work with sshd daemonized.  I'm
> having a bad reading day.
> 
> --Matt
> On Mon, Feb 18, 2002 at 05:25:54PM +0900, Matt Doughty wrote:
> > Another option is tcp wrappers. The following is example from the
> > man page that mails illegal tftp attempts to root:
> > 
> >        /etc/hosts.allow:
> >           in.tftpd: LOCAL, .my.domain
> > 
> >        /etc/hosts.deny:
> >           in.tftpd: ALL: spawn (/some/where/safe_finger -l @%h | \
> >                /usr/ucb/mail -s %d-%h root) &
> > 
> > --Matt
> > On Mon, Feb 18, 2002 at 04:23:07PM +0900, ayako kato wrote:


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8cef5t1KjqyZ+DQ4RAoMUAKCdcsUtDuHm/hp2x+DuvpgQ+pyh1QCdF0f2
fLQpIJ2QYPqiRu1lVDOSAhM=
=zJhZ
-----END PGP SIGNATURE-----