Muffinresearch Labs by Stuart Colville

Suspect SSH activity in server logs | 0 Comments

Posted in Linux/Unix on 31st August 2004, 7:40 pm by

Having seen a load of failed attempted SSH logins for the Linux boxes I look after, I have locked down what IP addresses SSHD accepts using iptables.

The failed attempts are trying to log in using GUEST/GUEST, ADMIN/ADMIN and other various combinations with no password. It seems like these are pretty lightweight attempts, but unless you have a reason to do otherwise, locking down access to SSH is probably a good idea!

Here’s how to do this with iptables:

-A RH-Lokkit-0-50-INPUT -s xxx.xxx.xxx.xxx -p tcp --dport 22 -j ACCEPT

Replace xxx.xxx.xxx.xxx with the IP address of the box you wish to allow to connect to the server you are securing.

Post Tools

GNU screen: open tab in current working directory|(1)

A nice trick for having screen open a new tab in the same directory as the one you’re currently in. To use it add it to your .screenrc

# Open new window in current dir.
bind c stuff "screen -X chdir \$PWD;screen^M"
bind ^c stuff "screen -X chdir \$PWD;screen^M"

Hat tip: mteckert on SuperUser.com

Ubuntu: add-apt-repository: command not found|(2)

When you’re using a minimal Ubuntu install if you find the ‘add-apt-repository’ command is missing (it’s useful for adding PPAs and other repositories), then simply run:

sudo apt-get install python-software-properties

Photos on Flickr

© Copyright 2004-12 Stuart Colville, all rights reserved. May contain traces of Muffin. Powered by WordPress. Hosting by Slicehost.com This page was baked in 0.495s.