
BLU Discuss list archive



removing a Linux Keylogger



discuss-bounces at blu.org wrote:
> At 02:29 PM 7/25/2005, Don Levey wrote:
>> Dan wrote:
>>
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>>   -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
>>
>> Should allow me to log this also?
>
> This is already being logged by sshd in /var/log/secure:
>
>         Illegal user guest from 218.21.129.102

Ah, right - forgot about that.  Logwatch will tell me about that too.  At
this point I block certain IPs/ranges at the firewall when they try to
connect at port 25; logging in iptables is the only way I see that.

Thanks!
 -Don
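
An added example, not part of the original thread: a small parser that tallies both log sources discussed above, the iptables LOG lines and sshd's "Illegal user" lines, and lists the sources that only the firewall saw. The sample lines are constructed; the host name, the REJECT-SMTP prefix and every address except 218.21.129.102 are assumptions.

```python
import re
from collections import Counter

# Constructed sample syslog lines. Only the "Illegal user" wording, the address
# 218.21.129.102 and the REJECT-SSH prefix come from the thread; the host name,
# the REJECT-SMTP prefix and the other addresses are assumptions.
SAMPLE_LOG = """\
Jul 25 14:29:01 gw kernel: REJECT-SSHIN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=218.21.129.102 DST=192.0.2.10 LEN=60 TTL=48 PROTO=TCP SPT=40112 DPT=22 SYN
Jul 25 14:29:02 gw sshd[4121]: Illegal user guest from 218.21.129.102
Jul 25 14:29:05 gw sshd[4123]: Illegal user admin from 218.21.129.102
Jul 25 14:31:40 gw kernel: REJECT-SMTP IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=51234 DPT=25 SYN
Jul 25 14:31:43 gw kernel: REJECT-SMTP IN=eth0 OUT= MAC=00:00:5e:00:53:01 SRC=203.0.113.7 DST=192.0.2.10 LEN=60 TTL=51 PROTO=TCP SPT=51234 DPT=25 SYN
Jul 25 14:40:00 gw sshd[4200]: Accepted password for don from 198.51.100.4 port 50022 ssh2
"""

# iptables prints --log-prefix with no separator, so a prefix given without a
# trailing space is glued to "IN=" (REJECT-SSHIN=eth0); \s* accepts both forms.
FW_RE = re.compile(r"kernel: (\S*?)\s*IN=\S* .*?SRC=(\S+) .*?DPT=(\d+)")
SSHD_RE = re.compile(r"sshd\[\d+\]: Illegal user (\S+) from (\S+)")

def summarize(text):
    """Return (Counter of firewall hits by (prefix, src, dport),
    dict of rejected sshd user names by source address)."""
    fw, ssh = Counter(), {}
    for line in text.splitlines():
        m = FW_RE.search(line)
        if m:
            prefix, src, dport = m.groups()
            fw[(prefix, src, int(dport))] += 1
            continue
        m = SSHD_RE.search(line)
        if m:
            user, src = m.groups()
            ssh.setdefault(src, []).append(user)
    return fw, ssh

def firewall_only(fw, ssh):
    """Sources the firewall logged that never show up in sshd's log."""
    return sorted({src for _, src, _ in fw} - set(ssh))

if __name__ == "__main__":
    fw, ssh = summarize(SAMPLE_LOG)
    for (prefix, src, dport), n in sorted(fw.items()):
        print(f"{prefix:12} {src:16} dport={dport:<5} hits={n}")
    for src, users in ssh.items():
        print(f"sshd rejected {users} from {src}")
    print("firewall log only:", firewall_only(fw, ssh))
```

Giving the prefix a trailing space in the rule (`--log-prefix "REJECT-SSH "`) keeps it from running into `IN=` in the log line.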



