Date: Mon, 20 Jun 2005 08:22:26 +0800 From: "Paul Hamilton" <paulh@bdug.org.au> To: "'Bill Moran'" <wmoran@potentialtech.com>, <questions@freebsd.org> Subject: RE: Detailed logging of ssh sessions Message-ID: <007e01c5752e$22e38a50$6600a8c0@w2k2> In-Reply-To: <20050619113849.3ae5cbad.wmoran@potentialtech.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Bill, Just as a side note, to help with people guessing a password, how about having a script that monitors the auth.log file and when you get more = than X number of entries of username/password tries coming from one IP, it then writes a firewall entry that blocks the IP. You could have a = counter/timer, that would release the IP after Y number of minutes (24 hours?). Of = course, you could exclude your usual admin IP's from being monitored. Cheers, Paul Hamilton -----Original Message----- From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Bill Moran Sent: Sunday, 19 June 2005 11:39 PM To: questions@freebsd.org Subject: Detailed logging of ssh sessions I've been researching this, and so far haven't found a way to do what I = want to do. I have servers here and there, that should only be accessible by a = limited number of administrators via ssh (i.e. mail and web servers, firewalls). As an added security measure, I'd like to start logging everything that happens during any ssh login (since all our work on these machines is = via ssh). I understand, and frequently use script(1), but I want this to be required. I have two goals: 1) If someone manages to guess a password and break in, I want a log of what they're doing. 2) I want 100% guarantee that everything we do is recorded, to make future debugging of configuration mistakes easier. I've been researching sshd, and it doesn't seem as if it has this capability. Web searches have not yet turned up anything ... I'm = guessing I'm not searching for the right phrases, since I can't believe I'm the = only one doing this. Any advice or pointers are welcome. --=20 Bill Moran Potential Technologies http://www.potentialtech.com = _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to = "freebsd-questions-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?007e01c5752e$22e38a50$6600a8c0>