Date:      Tue, 23 Jun 1998 19:24:50 +0200
From:      Andreas Klemm <andreas@klemm.gtn.com>
To:        "Jordan K. Hubbard" <jkh@time.cdrom.com>
Cc:        committers@FreeBSD.ORG
Subject:   Re: Release schedule for 2.2.7
Message-ID:  <19980623192450.A1458@klemm.gtn.com>
In-Reply-To: <1350.898593243.1@time.cdrom.com>; from Jordan K. Hubbard on Tue, Jun 23, 1998 at 02:14:03AM -0700
References:  <1350.898593243.1@time.cdrom.com>

On Tue, Jun 23, 1998 at 02:14:03AM -0700, Jordan K. Hubbard wrote:
> o Security folks
> 
>   Check your CERT advisories and whatnot against the state of -stable
>   today.  Sometimes things are missed.

daily security check script needs some additions...

Login failures that are logged in /var/log/messages aren't
reported. Recently I noticed various login/crack attempts
on a FreeBSD-STABLE machine in my company.

Things we should report are:

"refused connect from" by tcp_wrapper
and
"LOGIN FAILURES FROM" by login

See here:
Jun 22 05:17:43 titan telnetd[10520]: refused connect from 195.90.203.76
Jun 22 05:18:05 titan telnetd[10523]: refused connect from 195.90.203.76
Jun 22 05:20:22 titan telnetd[10951]: refused connect from 195.90.203.76
Jun 22 05:20:37 titan telnetd[10953]: refused connect from 195.90.203.76
Jun 22 05:21:04 titan telnetd[10955]: refused connect from 195.90.203.76
Jun 22 05:22:30 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG
Jun 22 05:22:30 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG, andreas
Jun 22 05:23:39 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG
Jun 22 05:23:39 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG, root
Jun 22 05:24:03 titan login: 1 LOGIN FAILURE FROM freefall.FreeBSD.ORG
Jun 22 05:24:03 titan login: 1 LOGIN FAILURE FROM freefall.FreeBSD.ORG, ddd

-- 
Andreas Klemm                                http://www.FreeBSD.ORG/~andreas
     What gives you 90% more speed, for example, in kernel compilation ?
          http://www.FreeBSD.ORG/~fsmp/SMP/akgraph-a/graph1.html
             "NT = Not Today" (Maggie Biggs)      ``powered by FreeBSD SMP''

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message
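
Added example, not part of the original message or of FreeBSD's own security script: a shell function that pulls the two message types named above out of syslog input and totals them per source host, accepting both the singular and plural login form. The function names are hypothetical; the sample is a subset of the log lines quoted in the message, and each login failure is assumed to be logged in both the host-only and the host-plus-user form, as it is there.

```shell
#!/bin/sh
# Added example, not the FreeBSD security script. Function names are hypothetical.
# Summarize syslog lines read from stdin, one output line per source host.
report_login_failures() {
    awk '
    # tcp_wrapper: "<daemon>[pid]: refused connect from <host>"
    / refused connect from / { refused[$NF]++; next }
    # login: "<n> LOGIN FAILURE[S] FROM <host>[, <user>]"
    / LOGIN FAILURES? FROM / {
        for (i = 1; i <= NF; i++) if ($i == "FROM") break
        n = $(i - 3); host = $(i + 1)
        if (host ~ /,$/) {                  # form that carries the user name
            sub(/,$/, "", host); user = $(i + 2)
            with_user[host] += n
            if (!((host, user) in seen)) {
                seen[host, user] = 1
                users[host] = users[host] (users[host] == "" ? "" : ",") user
            }
        } else {
            plain[host] += n
        }
        hosts[host] = 1
    }
    END {
        for (h in refused) printf "refused %s %d\n", h, refused[h]
        for (h in hosts) {
            # Assumption: every event appears in both forms, so report the
            # larger of the two sums instead of adding them together.
            n = (plain[h] > with_user[h]) ? plain[h] : with_user[h]
            printf "loginfail %s %d %s\n", h, n, (users[h] == "" ? "-" : users[h])
        }
    }' | sort
}
# Sample input: a subset of the log lines quoted in the message.
sample_log() {
    cat <<'EOF'
Jun 22 05:17:43 titan telnetd[10520]: refused connect from 195.90.203.76
Jun 22 05:18:05 titan telnetd[10523]: refused connect from 195.90.203.76
Jun 22 05:20:22 titan telnetd[10951]: refused connect from 195.90.203.76
Jun 22 05:22:30 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG
Jun 22 05:22:30 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG, andreas
Jun 22 05:23:39 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG
Jun 22 05:23:39 titan login: 2 LOGIN FAILURES FROM freefall.FreeBSD.ORG, root
Jun 22 05:24:03 titan login: 1 LOGIN FAILURE FROM freefall.FreeBSD.ORG
Jun 22 05:24:03 titan login: 1 LOGIN FAILURE FROM freefall.FreeBSD.ORG, ddd
EOF
}
sample_log | report_login_failures
```

Output columns are the event type, the source host, the event count, and for login failures the attempted user names.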