[olug] example intrusion detection
Adam Haeder
adamh at omaha.org
Thu Oct 7 05:07:08 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 6 Oct 2004, Ryan Stille wrote:
> Trent Melcher wrote:
> > Another added feature is to wrapper sshd, if possible. This
> > way not only
> > can specific users log in, they can only log in from specific
> > IP addressess
> > or domains. The downside to this is that with a lot of ISPs
> > using DHCP, so
> > wrapping on an IP address doesn't work if the users IP changed.
> >
> > Trent
>
> You could acomplish the same thing with a firewall, too? Or can you do something more complex with this,
> like allow root logins from the internal network but disallow them from the outside world?
>
> -Ryan
Yes you could do the same thing with a firewall. I don't think you can
fine grain the root logins like that
through ssh though. What I ended up doing as a stopgap until the box gets
reloaded:
- - added 'sshd: ALL' to /etc/hosts.deny (ssh obeys these files)
- - added 'sshd: 10.0.0.0/255.0.0.0' to /etc/hosts.allow (their internal
network)
- - set PermitRootLogins to No in /etc/ssh/sshd_config
- --
Adam Haeder
Vice President of Information Technology
AIM Institute
adamh at omaha.org
(402) 345-5025 x115
PGP Public key: http://www.haederfamily.org/pgp.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFBZM7+bHC3IXlHqBQRArhpAJ906SYZSvjxZBIddGMchGeVX4fW3wCfcWZ7
BU13Ow4kYHdRiZlftdTVQmc=
=NUuE
-----END PGP SIGNATURE-----
More information about the OLUG
mailing list