Tugger the SLUGger! SLUG Mailing List Archives

RE: [SLUG] Simple tool to monitor remote scans/probs


I can't see this working very well, considering some machines from outside may
be allowed to come in and others not..

Easily done by using the

/etc/hosts.deny
---------------
ALL:		ALL		:	spawn (/bin/securescript %n %a %d)

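/bin/securescript
-----------------
#!/bin/sh
# Called from hosts.deny as: securescript %n %a %d
# $1 = client hostname, $2 = client address, $3 = daemon name
echo "Non authorised access to $3 from $2" | logger -p local0.notice -t Security
echo "$(date +%d/%m/%y) : $3 - $2 $1" >>/var/log/securityattempt.log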

This will create a Security process log in your messages file and also log
the details in your /var/log/securityattempt.log file.

easy.

thanks,
George Vieira
Network Administrator
http://www.citadelcomputer.com.au
PGP Fingerprint :	43DC 92AC 1A82 27B2 E97B  52F1 B60F 301A 38A9 A10C
PGP KeyID:		0x38A9A10C


-----Original Message-----
From: Jeff Waugh [mailto:jdub@xxxxxxxxxxx]
Sent: Thursday, September 14, 2000 11:21 AM
To: slug@xxxxxxxxxxx
Subject: Re: [SLUG] Simple tool to monitor remote scans/probs


> Matt wrote:
> 
> if anyone has been scanning my ports, trying ports,
> trying to telnet in etc.


... and so much more (for use in combination with your usual ipchains and
system logging):

  http://freshmeat.net/projects/snort/

- Jeff


-- jdub@xxxxxxxxxxx ------------------------------- http://linux.conf.au/ --

        Ye shall be cursed to fall in love so easily, and yet be so
                     cold of heart as never to express it.


--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
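
Added example, not part of the original post: a shell function that summarises the /var/log/securityattempt.log written by the securescript above and flags any source address that was refused by several different daemons, which is how a sweep across services shows up in this log. The function names, the default threshold of 3 daemons and the sample log lines are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: summarise the log written by securescript.
# Line format: "dd/mm/yy : daemon - address hostname".

# summarize_attempts LOGFILE [MIN_DAEMONS]
# Prints "address attempts daemons flag" per source address. flag is SCAN
# when the source was refused by at least MIN_DAEMONS distinct daemons
# (default 3, an assumed threshold), otherwise "-".
summarize_attempts() {
    awk -v min="${2:-3}" '
        # Ignore lines that do not have the expected layout.
        NF < 5 || $2 != ":" || $4 != "-" { next }
        {
            addr = $5; daemon = $3
            count[addr]++
            if (!((addr, daemon) in seen)) {
                seen[addr, daemon] = 1
                if (ndaemons[addr]++) list[addr] = list[addr] ","
                list[addr] = list[addr] daemon
            }
        }
        END {
            for (a in count) {
                flag = (ndaemons[a] >= min) ? "SCAN" : "-"
                printf "%s %d %s %s\n", a, count[a], list[a], flag
            }
        }
    ' "$1" | sort
}

# Constructed sample log (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
14/09/00 : in.telnetd - 203.0.113.7 unknown
14/09/00 : in.ftpd - 203.0.113.7 unknown
14/09/00 : ipop3d - 203.0.113.7 unknown
14/09/00 : in.telnetd - 198.51.100.20 host.example.net
15/09/00 : in.telnetd - 198.51.100.20 host.example.net
this line is not in the expected format
EOF
}

tmp=$(mktemp)
sample_log > "$tmp"
summarize_attempts "$tmp"
rm -f "$tmp"
```

Run it against the real log with `summarize_attempts /var/log/securityattempt.log`, optionally passing a different threshold as the second argument.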