removing a Linux Keylogger
Derek Atkins
warlord at MIT.EDU
Tue Jul 26 08:59:59 EDT 2005
dsr at tao.merseine.nu writes:
> On Mon, Jul 25, 2005 at 02:29:29PM -0400, Don Levey wrote:
>> Dan wrote:
>>
>> So, then, adding this line in the middle:
>>
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>> --set
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>> -j LOG --log-level WARN --log-prefix REJECT-SSH --log-ip-options
>> iptables -I INPUT -p tcp --dport 22 -i eth0 -m state --state NEW -m recent \
>> --update --seconds 60 --hitcount 4 -j DROP
>>
>> Should allow me to log this also?
>
> Certainly. I don't simply because Snort handles that for me.
>
> Do you want to log all the attempts or just those which result
> in actual DROPs?
If I wanted to only log attempts that result in actual DROPs, how would
I implement that?
Also, where in the iptables (ordered) list would I want to put these?
TIA,
> -dsr-
-derek
--
Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
Member, MIT Student Information Processing Board (SIPB)
URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
warlord at MIT.EDU PGP key available
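One way to log only the connections that end in a DROP, and to make the rule order explicit, is to send rate-limit hits to a small chain that logs and then drops. This is an added example, not part of the original message: the chain names SSH_CHECK and SSH_LOGDROP and the list name SSH are assumptions, and the script only prints the commands so they can be reviewed before being piped to sh as root.

```shell
#!/bin/sh
# Added example: prints (does not run) iptables commands that log only the
# new SSH connections the rate limit actually drops.
# Assumed names: chains SSH_CHECK and SSH_LOGDROP, recent list SSH.

ssh_ratelimit_rules() {
    iface=${1:-eth0}     # interface used in the thread
    seconds=${2:-60}     # time window used in the thread
    hitcount=${3:-4}     # threshold used in the thread

    # The output is meant to be piped to a shell, so reject anything that
    # is not a plain number or a plain interface name.
    for n in "$seconds" "$hitcount"; do
        case $n in
            *[!0-9]*|'') echo "not a number: $n" >&2; return 1 ;;
        esac
    done
    case $iface in
        *[!A-Za-z0-9._-]*|'') echo "bad interface: $iface" >&2; return 1 ;;
    esac

    # Order matters inside each chain, so -A (append) is used there:
    #   SSH_LOGDROP: LOG first (non-terminating), then DROP.
    #   SSH_CHECK:   record the source, then test the hit count.
    # The final -I puts the jump at the top of INPUT, ahead of any rule
    # that would accept new connections to port 22.
    cat <<EOF
iptables -N SSH_LOGDROP
iptables -A SSH_LOGDROP -j LOG --log-level warning --log-prefix "REJECT-SSH " --log-ip-options
iptables -A SSH_LOGDROP -j DROP
iptables -N SSH_CHECK
iptables -A SSH_CHECK -m recent --name SSH --set
iptables -A SSH_CHECK -m recent --name SSH --update --seconds $seconds --hitcount $hitcount -j SSH_LOGDROP
iptables -I INPUT -p tcp --dport 22 -i $iface -m state --state NEW -j SSH_CHECK
EOF
}

# Print the rule set; arguments are optional: interface, seconds, hitcount.
ssh_ratelimit_rules "$@"
```

Connections under the threshold fall out of SSH_CHECK and continue through the rest of INPUT, so only the over-limit attempts reach the LOG rule.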