Archive for category App Review

Weird things on my server

I mentioned a post or so ago about a new application that I have started to run called logwatch. One of the things that I noticed in the output that I was getting from log watch was a fair number of failed ssh log in attempts. I looked like most of the attempts were automated hits using root/password to get in. This got me looking into a way to stop these types of attempts from happening. A quick google search lead me to denyhosts. It is a really simple but effective app that watches for failed attempts and will put the offending IP address in your /etc/hosts.deny.

The only issue that I had once installing it was that my own IP was being blocked from my laptop while on my wireless connection (weird). To fix this I edited /var/lib/denyhosts/allowed-hosts to add my IP info to keep me from being blocked.

Running grep sshd: /etc/hosts.deny | wc -l I can see that my hosts.deny file has gone from having no entries to having 100. And that is just in the timespan of a month or so.

5 Comments

It’s been quiet around here

Looking at this site today I noticed that I had not posted anything at all since April. I knew it had been a while but I didn’t realize it had been that long. One of my many goals for this year is to try to post at least one time per week to this site. I plan to try to post about new applications that I have found. Many of these applications will be old hat to quite a few people but they are new and exciting to me.

The first application that I will talk a little about is logwatch. It is kind of funny how I came to learn about this one. I had been watching some RedHat SysAdmin class material during some of the boring days at work during the holidays. I kind of glazed over the section on logwatch but then it came back to me when I saw a post by Juanjo Martínez on the Fedora planet. I installed and configured it on a Fedora 12 machine that I use at work and was really impressed with the amount of information that I got from it. What really sold me on it though was when I installed it on my Ubuntu server at home and I was able to see how many times people were trying hit it over ssh. Finding this out led to the next tool that I recently found which I will discuss next time.

Reviewing logs is a very important part of a sysadmin’s job in my opinion and I feel bad for not know about this tool for so long. If you are not running logwatch now and want / need something that will help you get more information about your system then I highly recommend it.

, ,

1 Comment