RE: [cobalt-users] SSH EXPLOIT IN THE WILD
- Subject: RE: [cobalt-users] SSH EXPLOIT IN THE WILD
- From: "Chris" <chawkins1@xxxxxxxxxxxx>
- Date: Thu Sep 18 11:39:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
<snip>
If put in hosts.allow, it will send an email for every SSH connection
"allowed", if put in hosts.deny it will send an email for every connection
denied.
<snip>
#### CUT HERE ##########
#!/bin/sh
#
# Security Notes SHELL
###############################################################
#sshd: ALL : spawn /usr/local/etc/secnotes "%a+%A+%c+%d+%h+%H+%s+%u" & : DENY
#
DT1=`date`
TMP="${1}" ## Save input
LHOST=`uname -n` ## Get local name
## Now set input as argument list
set -- `echo ${1} | tr -s "+" " "`
## Now send message based on input args...
cat << !EOF! | /bin/mail -s "Wrappers: $1 $LHOST == $7" root > /dev/null 2>&1
SECURITY NOTES - ATTEMPTED CONNECTION
DATE: $DT1
PORT: $4
SERVER: ($7)
CONNECTION: ($3)
ON: $6:$2
BY: $5:$1
as USER: $8
!EOF!
exit
##### CUT HERE ###########
Enjoy....
--
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx
Great script. Where do you modify it so that you are not receiving system
checks every 15 minutes?
SECURITY NOTES - ATTEMPTED CONNECTION
DATE: Thu Sep 18 11:30:05 PDT 2003
PORT: sshd
SERVER: (sshd@xxxxxxxxx)
CONNECTION: (127.0.0.1)
ON: 127.0.0.1:127.0.0.1
BY: 127.0.0.1:127.0.0.1
as USER: root
Thanks,
Chris
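
Added example, not part of the original thread or of the script quoted above: a variant of the notification logic that splits the "%a+%A+%c+%d+%h+%H+%s+%u" argument on "+" with globbing disabled and stays quiet when the client address is loopback, as in the sample message above. The function and variable names are illustrative, and it assumes the periodic checks connect from 127.0.0.1.

```shell
#!/bin/sh
# Added example: loopback-aware variant of the wrapper notification logic.
# Function and variable names are illustrative, not from the original script.

# Assumption: the periodic local checks connect from a loopback address.
is_local_probe() {
    case "$1" in
        127.*|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Split "%a+%A+%c+%d+%h+%H+%s+%u" on "+" only, with globbing disabled so
# client-influenced text is never expanded. Exactly 8 fields are required.
parse_fields() {
    old_ifs=$IFS
    set -f
    IFS='+'
    set -- $1
    IFS=$old_ifs
    set +f
    [ "$#" -eq 8 ] || return 1
    C_ADDR=$1; S_ADDR=$2; C_INFO=$3; DAEMON=$4
    C_HOST=$5; S_HOST=$6; S_INFO=$7; C_USER=$8
}

# Status 0: send mail. 1: local probe, stay quiet. 2: argument malformed.
should_notify() {
    parse_fields "$1" || return 2
    if is_local_probe "$C_ADDR"; then return 1; fi
    return 0
}

# Message body in the same layout as the original script's here-document.
format_notice() {
    printf 'SECURITY NOTES - ATTEMPTED CONNECTION\nDATE: %s\nPORT: %s\n' \
        "$(date)" "$DAEMON"
    printf 'SERVER: (%s)\nCONNECTION: (%s)\nON: %s:%s\nBY: %s:%s\nas USER: %s\n' \
        "$S_INFO" "$C_INFO" "$S_HOST" "$S_ADDR" "$C_HOST" "$C_ADDR" "$C_USER"
}

# Runs only when tcpd passes the spawn argument.
if [ "$#" -gt 0 ]; then
    rc=0; should_notify "$1" || rc=$?
    case $rc in
        0) format_notice | /bin/mail -s "Wrappers: $C_ADDR $(uname -n) == $S_INFO" root ;;
        2) printf 'unparsed argument: %s\n' "$1" | /bin/mail -s "Wrappers: unparsed" root ;;
    esac >/dev/null 2>&1
fi
```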