
BLU Discuss list archive



removing a Linux Keylogger



dsr at tao.merseine.nu writes:

> On Mon, Jul 25, 2005 at 02:29:29PM -0400, Don Levey wrote:
>> Dan wrote:
>> 
>> So, then, adding this line in the middle:
>> 
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>> --set
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>> -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>> --update --seconds 60 --hitcount 4 -j DROP
>> 
>> Should allow me to log this also?
>
> Certainly. I don't simply because Snort handles that for me.
>
> Do you want to log all the attempts or just those which result
> in actual DROPs?

If I wanted to only log attempts that result in actual DROPs, how would
I implement that?

Also, where in the iptables (ordered) list would I want to put these?

TIA,

> -dsr-

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available
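
Added example, not part of the original message or thread: one way to log only the attempts that are actually dropped is to send over-limit packets to a chain that logs and then drops, and to hook the whole check into INPUT with a single jump. The chain names `SSH_CHECK` and `SSH_LOGDROP` and the recent-list name `SSH` are made up for this example; the interface, port, 60-second window, hit count and log prefix are taken from the rules quoted above. It prints the commands by default; set `IPT=iptables` and run as root to apply them.

```shell
#!/bin/sh
# Dry run by default: each rule is printed instead of installed.
IPT="${IPT:-echo iptables}"

ssh_ratelimit_rules() {
    # Anything sent to SSH_LOGDROP is logged and then dropped, so every
    # REJECT-SSH log line corresponds to a packet that really was dropped.
    $IPT -N SSH_LOGDROP
    $IPT -A SSH_LOGDROP -j LOG --log-level warning --log-prefix REJECT-SSH --log-ip-options
    $IPT -A SSH_LOGDROP -j DROP

    # -A appends, so the rules in this chain stay in the order written.
    # (Repeated "-I INPUT" each insert at the top and end up reversed.)
    $IPT -N SSH_CHECK
    # 1. Record the source address of every new connection attempt.
    $IPT -A SSH_CHECK -m recent --name SSH --set
    # 2. Fourth attempt within 60 seconds from that address: log and drop.
    #    --update also refreshes the timestamp, so retries extend the block.
    $IPT -A SSH_CHECK -m recent --name SSH --update --seconds 60 --hitcount 4 -j SSH_LOGDROP
    # Packets under the limit fall off the end of SSH_CHECK and return to
    # INPUT, where the normal rule that accepts SSH decides their fate.

    # Hook: -I puts the jump at the top of INPUT, ahead of any rule that
    # ACCEPTs port 22. It matches only NEW packets, so established sessions
    # never enter the chain.
    $IPT -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -j SSH_CHECK
}

ssh_ratelimit_rules
```

To log every attempt instead, the LOG rule would go into `SSH_CHECK` right after the `--set` rule.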




BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
