Muffinresearch Labs by Stuart Colville

Suspect SSH activity in server logs | Comments (0)

Posted in Linux/Unix on 31st August 2004, 7:40 pm by Stuart

Having seen a load of failed attempted SSH logins for the Linux boxes I look after, I have locked down what IP addresses SSHD accepts using iptables.

The failed attempts are trying to log in using GUEST/GUEST, ADMIN/ADMIN and other various combinations with no password. It seems like these are pretty lightweight attempts, but unless you have a reason to do otherwise, locking down access to SSH is probably a good idea!

Here’s how to do this with iptables:

-A RH-Lokkit-0-50-INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT

Replace xxx.xxx.xxx.xxx with the IP address of the box you wish to allow to connect to the server you are securing.

Post Tools

Comments: Add yours







XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>



GNU screen: open tab in current working directory|(1)

A nice trick for having screen open a new tab in the same directory as the one you’re currently in. To use it add it to your .screenrc

# Open new window in current dir.
bind c stuff "screen -X chdir \$PWD;screen^M"
bind ^c stuff "screen -X chdir \$PWD;screen^M"

Hat tip: mteckert on SuperUser.com

Ubuntu: add-apt-repository: command not found|(2)

When you’re using a minimal Ubuntu install if you find the ‘add-apt-repository’ command is missing (it’s useful for adding PPAs and other repositories), then simply run:

sudo apt-get install python-software-properties

Photos on Flickr

© Copyright 2004-12 Stuart Colville, all rights reserved. May contain traces of Muffin. Powered by WordPress. Hosting by Slicehost.com This page was baked in 0.478s.