Date: Mon, 18 Oct 2004 12:12:26 +0530
From: Subhro <subhro.kar@gmail.com>
To: Odhiambo Washington <wash@wananchi.com>, FBSD-Q <freebsd-questions@freebsd.org>
Subject: Re: Are these attempts by password crackers??
Message-ID: <b2807d04041017234237095a6@mail.gmail.com>
In-Reply-To: <20041018055122.GB35360@ns2.wananchi.com>
References: <20041018055122.GB35360@ns2.wananchi.com>

On Mon, 18 Oct 2004 08:51:22 +0300, Odhiambo Washington <wash@wananchi.com> wrote:

> 1. Is this some virus or some crackers playing around?

Yeh, someone is prolly trying to bruteforce your boxes.

> 2. Why only on 5.2.1 systems and not on any of the 4.10 boxes that I
> also run?

Negative, a couple of my 4.10 boxes also report the same.

> 3. Am I supposed to be worried at all?

Well, I am not ;)

You need not worry if you have done these:

1. Set PermitRootLogin to No in sshd_config.
2. Use Public/Private keypair for authentication to all the privileged accounts, i.e. the accounts which are members of wheel.
3. Try to avoid accessing foreign services (surfing, IRCing) from privileged accounts.
4. NEVER login as root. Instead su to root as required.
5. Do not include the current directory in $PATH to save the ./ when running a binary from the current directory.
6. Maintain an updated tripwire (or alike) database.
7. Do not run any service which you do not need to.
8. Generate a script to parse log files at regular intervals and add blocks for IPs in the border router which had been trying to bruteforce the box.
9. And last but not the least, do not allow any user a privilege which he/she does not need to have.

Regards
S.

--
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091 India
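
Item 8 of the checklist above, sketched as an added example that is not part of the original e-mail: a Python log parser that counts failed sshd logins per source address and returns the addresses over a threshold. The log line formats, the sample lines, the threshold and the allow-list parameter are assumptions constructed for illustration; pushing the result to the border router is left to whatever interface that router provides.

```python
import ipaddress
import re
from collections import Counter

# The user name in these messages is attacker-controlled and may itself contain
# " from <ip>", so the pattern is anchored at the end of the line and only the
# final "from ADDR [port N] [ssh2]" is trusted. Formats are assumed, not exhaustive.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user|Illegal user) .* "
    r"from (\S+)(?: port \d+)?(?: ssh2)?$"
)

# Constructed sample log lines (documentation addresses, hypothetical host/users).
SAMPLE = """\
Oct 18 03:12:01 gw sshd[4101]: Failed password for root from 203.0.113.5 port 4022 ssh2
Oct 18 03:12:03 gw sshd[4102]: Illegal user test from 203.0.113.5
Oct 18 03:12:04 gw sshd[4102]: Failed password for illegal user test from 203.0.113.5 port 4023 ssh2
Oct 18 03:12:09 gw sshd[4105]: Failed password for illegal user a from 192.0.2.10 from 198.51.100.7 port 4100 ssh2
Oct 18 03:12:10 gw sshd[4106]: Failed password for alice from 192.0.2.10 port 5001 ssh2
Oct 18 03:13:00 gw sshd[4110]: Accepted publickey for alice from 192.0.2.10 port 5002 ssh2
""".splitlines()


def offenders(lines, threshold=5, allow=()):
    """Return sorted source addresses with at least `threshold` failed logins."""
    allowed = [ipaddress.ip_network(n) for n in allow]
    hits = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage: never pass it on to a block list
        if any(addr in net for net in allowed):
            continue  # never block your own management networks
        hits[addr] += 1
    return sorted(str(a) for a, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    for ip in offenders(SAMPLE, threshold=3, allow=["192.0.2.0/24"]):
        print(ip)
```

The fourth sample line carries a forged "from 192.0.2.10" inside the user name; the end-of-line anchor credits the attempt to the real peer, so a login attempt cannot be used to get a third party's address blocked.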