Security help
Hey everyone!
Last week I was going through my /var/logs directory and I noticed that someone had made several attempts to log in to my network via ssh. From the usernames that they were throwing, it appeared that they were using some type of dictionary program. I went through the log files and added the offending IPs to my hosts.deny file. What I'm wondering is if there is a package that will automatically disallow any access to an IP once they have either 1) tried to log in with an incorrect password 3 times or 2) tried to log in using a username that does not exist. I'm sure that I can script something like this but my bash-foo is not quite that strong.
Anyone know of any good packages that will do this?
Also: Once you add an IP to hosts.deny, do you need to restart all of your xinetd/inet.d services for it to take effect or does it happen dynamically?
Thanks!
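Added example, not part of the original post: a shell/awk sketch of the two rules asked about above (3 wrong passwords, or any login attempt with a nonexistent username), printing candidate hosts.deny lines for review. The function names, the threshold variable and the sample log lines are constructed for illustration, and the patterns assume OpenSSH's usual "Failed password for ..." and "Invalid user ..." messages.

```shell
#!/bin/sh
# Rule from the post: block after 3 wrong passwords, or any unknown username.
MAX_FAILS=3

# Constructed sample sshd log lines (documentation IP ranges), not real data.
sample_log() {
cat <<'EOF'
Jan 10 03:12:01 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 10 03:12:04 host sshd[1001]: Failed password for root from 192.0.2.10 port 40001 ssh2
Jan 10 03:12:09 host sshd[1002]: Failed password for root from 192.0.2.10 port 40002 ssh2
Jan 10 03:15:30 host sshd[1010]: Invalid user oracle from 203.0.113.5
Jan 10 03:15:32 host sshd[1010]: Failed password for invalid user oracle from 203.0.113.5 port 51000 ssh2
Jan 10 04:00:00 host sshd[1020]: Failed password for alice from 198.51.100.7 port 60000 ssh2
Jan 10 04:00:05 host sshd[1020]: Accepted password for alice from 198.51.100.7 port 60000 ssh2
EOF
}

# Read sshd log lines on stdin; print one offending source IP per line, sorted.
offenders() {
    awk -v max="$MAX_FAILS" '
        # The username is chosen by the remote side and may itself contain
        # the word "from", so take the field after the LAST "from".
        function src_ip(   i, ip) {
            for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
            return ip
        }
        # Rule 2: any attempt with a username that does not exist.
        /sshd\[[0-9]+\]: Invalid user / ||
        /sshd\[[0-9]+\]: Failed password for invalid user / { bad[src_ip()] = 1; next }
        # Rule 1: count wrong passwords for existing accounts.
        /sshd\[[0-9]+\]: Failed password for / { fails[src_ip()]++ }
        END {
            for (ip in fails) if (fails[ip] >= max) bad[ip] = 1
            for (ip in bad) if (ip != "") print ip
        }
    ' | sort
}

# Format offenders as TCP-wrappers entries (daemon: client) for hosts.deny.
deny_lines() {
    offenders | sed 's/^/sshd: /'
}

# Print the candidate entries for the sample; nothing is written to /etc.
sample_log | deny_lines
```

To try it on real data, pipe the system's sshd log into `deny_lines` instead of `sample_log` and review the output before appending anything to hosts.deny.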
