Date:      Sat, 22 Jul 2006 02:06:18 +0800
From:      "jan gestre" <freebsd.ph@gmail.com>
To:        pcarter@jhu.edu
Cc:        freebsd-questions@freebsd.org
Subject:   Re: Security Run Output E-mail
Message-ID:  <a25afc300607211106y68472f3fy57ffbe94041dc7e5@mail.gmail.com>
In-Reply-To: <f438f71438d7.44bf61dd@johnshopkins.edu>
References:  <f438f71438d7.44bf61dd@johnshopkins.edu>

On 7/20/06, PATRICK CARTER <pcarter@jhu.edu> wrote:
>
> I'm relatively new to FreeBSD (~6 months of usage) and I have been
> administering my own system for approximately the last 2 months.  Recently
> my system has received many ssh login attempts on standard user accounts as
> someone has been attempting to break into my system.  I usually read the
> Security Run Output e-mails to see if the attacker(s) had made any headway,
> and took necessary precautions (limiting ssh logins etc).  However, last
> week (after it seemed that the attacks had let up somewhat) I stopped
> receiving the e-mails (as well as the daily run output e-mails).  I still
> read the auth.log file to see login information and it did not appear as
> though anyone had successfully managed to break into the system.  Today
> both sets of e-mails started again and I received the e-mails for today and
> yesterday (I am still missing 5 days worth and one weekly run output).  I
> was wondering if anyone might know how to ensure that I continue to receive
> these e-mails without interruption.
>
> If it matters (and I suspect it does) I have all my root e-mails aliased
> to a locked, nologin dummy account that forwards e-mail to my account, my
> boss' account, and retains a copy in the dummy account (.forward was not
> working to forward root's mail).  Root's mail client is set to read the
> dummy account inbox as well as anything that somehow winds up in the regular
> root mailbox.  This setup worked fine until the e-mails stopped last week
> (none of the listed accounts received the e-mail).
>
> Any advice would be greatly appreciated.
>

Those script kiddies do let up sometimes, you know :D , using brute force I
guess. As long as your users' passwords aren't dictionary words then you
have nothing to worry about. And also set the AllowUsers directive, allowing
only admins.

HTH
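
The auth.log check described in the quoted question (seeing whether repeated ssh login attempts ever led to a successful login) can be scripted. This is an added example, not part of either message; the log lines are constructed samples in the usual sshd syslog format, and the function name and threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines (not taken from the original post).
SAMPLE_AUTH_LOG = """\
Jul 20 03:12:45 myhost sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4242 ssh2
Jul 20 03:12:47 myhost sshd[1236]: Failed password for root from 203.0.113.5 port 4243 ssh2
Jul 20 03:12:50 myhost sshd[1238]: Failed password for invalid user test from 203.0.113.5 port 4250 ssh2
Jul 20 03:13:02 myhost sshd[1240]: Failed password for alice from 203.0.113.5 port 4251 ssh2
Jul 20 03:13:05 myhost sshd[1242]: Accepted password for alice from 203.0.113.5 port 4252 ssh2
Jul 20 09:01:02 myhost sshd[2222]: Accepted publickey for bob from 198.51.100.7 port 5555 ssh2
Jul 20 09:05:00 myhost sshd[2230]: Failed password for bob from 198.51.100.7 port 5560 ssh2
"""

# Matches both "Failed password for invalid user X" and "Accepted <method> for X".
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Failed|Accepted) (?P<method>\S+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def summarize(log_text, threshold=3):
    """Count failed logins per source address and flag any accepted login
    that comes from an address with at least `threshold` earlier failures."""
    failures = Counter()
    suspicious = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an sshd authentication result line
        ip = m.group("ip")
        if m.group("result") == "Failed":
            failures[ip] += 1
        elif failures[ip] >= threshold:
            # Success after a run of failures: worth a manual look.
            suspicious.append((ip, m.group("user"), failures[ip]))
    return failures, suspicious


if __name__ == "__main__":
    failures, suspicious = summarize(SAMPLE_AUTH_LOG)
    for ip, count in failures.most_common():
        print(f"{ip}: {count} failed attempts")
    for ip, user, count in suspicious:
        print(f"CHECK: {user} logged in from {ip} after {count} failures")
```
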


