removing a Linux Keylogger
Don Levey
lug at the-leveys.us
Mon Jul 25 15:56:01 EDT 2005
discuss-bounces at blu.org wrote:
> At 02:29 PM 7/25/2005, Don Levey wrote:
>> Dan wrote:
>>
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>>   -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
>>
>> Should allow me to log this also?
>
> This is already being logged by sshd in /var/log/secure:
>
> Illegal user guest from 218.21.129.102
Ah, right - forgot about that. Logwatch will tell me about that too. At
this point I block certain IPs/ranges at the firewall when they try to
connect at port 25; logging in iptables is the only way I see that.
Thanks!
-Don
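
Added example, not part of the original message: a small Python correlator for the two log sources mentioned in the thread, the sshd "Illegal user" lines in /var/log/secure and the kernel lines written by the iptables LOG rule with the REJECT-SSH prefix. The sample lines are constructed (documentation-range addresses, abbreviated kernel fields), and the function names are hypothetical.

```python
import re
from collections import defaultdict

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"   # assumption: IPv4 sources, as in the thread
# sshd line format as quoted in the thread. The user name is supplied by the
# remote side, so match greedily and take the address after the LAST " from ".
SSHD_RE = re.compile(r"sshd\[\d+\]: Illegal user (.*) from " + IP + r"$")
# Kernel line written by the LOG target. The prefix has no trailing space,
# so it runs straight into "IN=".
FW_RE = re.compile(r"kernel: .*REJECT-SSH.*\bSRC=" + IP + r" .*\bDPT=22\b")

# Constructed sample input, not real log data.
SAMPLE = """\
Jul 25 14:01:01 host kernel: REJECT-SSHIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40112 DPT=22 SYN
Jul 25 14:01:02 host sshd[2101]: Illegal user guest from 203.0.113.7
Jul 25 14:01:04 host kernel: REJECT-SSHIN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=TCP SPT=40113 DPT=22 SYN
Jul 25 14:01:05 host sshd[2103]: Illegal user admin from 203.0.113.7
Jul 25 14:01:07 host kernel: REJECT-SSHIN=eth0 OUT= SRC=198.51.100.23 DST=192.0.2.10 PROTO=TCP SPT=51000 DPT=22 SYN
Jul 25 14:01:09 host sshd[2107]: Illegal user x from 192.0.2.99 from 203.0.113.7
"""

def correlate(lines):
    """Return {ip: {"new_conns": int, "illegal_users": [names]}}."""
    seen = defaultdict(lambda: {"new_conns": 0, "illegal_users": []})
    for line in lines:
        line = line.rstrip("\n")
        m = SSHD_RE.search(line)
        if m:
            seen[m.group(2)]["illegal_users"].append(m.group(1))
            continue
        m = FW_RE.search(line)
        if m:
            seen[m.group(1)]["new_conns"] += 1
    return dict(seen)

def firewall_only(report):
    """Sources with logged connections but no sshd 'Illegal user' line."""
    return sorted(ip for ip, r in report.items()
                  if r["new_conns"] and not r["illegal_users"])

if __name__ == "__main__":
    report = correlate(SAMPLE.splitlines())
    for ip, r in sorted(report.items()):
        print(ip, r["new_conns"], r["illegal_users"])
    print("firewall only:", firewall_only(report))
```

Sources that show up only in the firewall log are the ones sshd never reports, which is the case where iptables logging is the sole record.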