At 02:03 PM 2/10/01, you wrote:
> > My logs show several direct attempts from these numbers over the last few > > days: <snip> Which log(s) are you referring to? /var/log/secure? messages? Regards, Colin -- Colin J. Raven 2:01pm up 55 min, 2 users, load average: 0.23, 0.07, 0.02
Hi,I have logcheck installed and it mails me suspicious activity as recorded in the /var/log/messages. It can be configured to check on /var/log/secure and /var/log/maillog
PortSentry adds IPs to the /etc/hosts.deny file so if I'm a bit late watching the logcheck messages, the IPs are already blocked. PortSentry doesn't add IPs that are being used to run FTP anonymous login scripts or IPs that are being used to attempt logins using the admin ID so I drop those in by hand.
Diana Crest Communications, Inc. diana@xxxxxxxxxxxxx Beautiful Sunny Florida http://crestcommunications.com/ 352-495-9359, 425-732-9785 fax