removing a Linux Keylogger
dsr at tao.merseine.nu
Mon Jul 25 15:23:46 EDT 2005
On Mon, Jul 25, 2005 at 02:29:29PM -0400, Don Levey wrote:
> Dan wrote:
>
> So, then, adding this line in the middle:
>
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
> --set
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
> -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
> --update --seconds 60 --hitcount 4 -j DROP
>
> Should allow me to log this also?
Certainly. I don't simply because Snort handles that for me.
Do you want to log all the attempts or just those which result
in actual DROPs?
-dsr-
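
The two logging choices raised in the reply, as an added example that is not part of either poster's message: the function prints, without applying, a rule set that logs either every new SSH connection or only those that hit the limit. The chain name SSH_LIMIT, the list name ssh and the SSH-NEW prefix are assumptions; appending with -A in a dedicated chain keeps the rule order explicit.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules for SSH rate limiting.
# Assumed names: chain SSH_LIMIT, recent list "ssh", log prefix SSH-NEW.
# Interface, port, window and hit count are taken from the thread.

ssh_limit_rules() {
    recent="-m recent --name ssh"
    window="--seconds 60 --hitcount 4"
    case "$1" in
        all)
            # Log every NEW connection to port 22, dropped or not.
            log="-j LOG --log-level warning --log-prefix SSH-NEW"
            ;;
        drops)
            # --rcheck tests the same window as the DROP rule but does not
            # add a timestamp, so only packets about to be dropped are logged.
            log="$recent --rcheck $window -j LOG --log-level warning --log-prefix REJECT-SSH"
            ;;
        *)
            echo "usage: ssh_limit_rules all|drops" >&2
            return 1
            ;;
    esac
    # Order matters: record the source, log, then drop.
    printf '%s\n' \
        "iptables -N SSH_LIMIT" \
        "iptables -A INPUT -i eth0 -p tcp --dport 22 -m state --state NEW -j SSH_LIMIT" \
        "iptables -A SSH_LIMIT $recent --set" \
        "iptables -A SSH_LIMIT $log" \
        "iptables -A SSH_LIMIT $recent --update $window -j DROP"
}

# Show the "log only drops" variant for review.
ssh_limit_rules drops
```

Review the printed rules first; to apply them, pipe the output to `sh` as root.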