Unknown users trying to log in? Where is it logged?
dotancohen at gmail.com
Wed Dec 3 19:26:49 UTC 2008
2008/12/3 Chris Mohler <cr33dog at gmail.com>:
> On Thu, Dec 4, 2008 at 12:53 PM, Dotan Cohen <dotancohen at gmail.com> wrote:
>> I found this in logwatch:
>> Authentication Failures:
>> unknown (): 3 Time(s)
>> Invalid Users:
>> Unknown Account: 3 Time(s)
>> Sessions Opened:
>> hardy2 by LOGIN: 1 Time(s)
>> Since I am behind a NAT firewall I find this interesting. I do have
>> wireless enabled, could that have been an attack vector? Which log can
>> I check to see which usernames/passwords the attackers used?
> Redhat-based distros use /var/log/secure - Ubuntu seems to use
> If I have an SSH server exposed to the net, I usually tell sshd to
> listen on a different port (higher than 1024) - that will get rid of
> 99% of people "banging on the door". Of course there are other things
> you can do to harden sshd, but I've found that moving the port is a
> good start.
Thanks. I see it was just me, getting lost in TTY4 playing with zgv
and not being able to get myself back out :)
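
Whether failures like the ones in this thread came from a local console or from the network can be read from the authentication log itself. The following is an added example, not part of the original thread: it counts pam_unix authentication failures per service and origin, assuming the usual pam_unix syslog line format; the sample lines, hostname, PIDs, times and the 203.0.113.7 address are constructed.

```python
import re
from collections import Counter

# Constructed sample in the syslog format pam_unix writes. Hostname, PIDs,
# times and the address (documentation range) are made up for illustration.
SAMPLE_LOG = """\
Dec  3 18:02:11 myhost login[5120]: pam_unix(login:auth): check pass; user unknown
Dec  3 18:02:11 myhost login[5120]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty4 ruser= rhost=
Dec  3 18:02:19 myhost login[5120]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty4 ruser= rhost=
Dec  3 18:02:27 myhost login[5120]: pam_unix(login:auth): authentication failure; logname=LOGIN uid=0 euid=0 tty=/dev/tty4 ruser= rhost=
Dec  3 18:03:40 myhost login[5120]: pam_unix(login:session): session opened for user hardy2 by LOGIN(uid=0)
Dec  3 18:40:02 myhost sshd[6001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=203.0.113.7
"""

# A pam_unix failure record carries both the terminal and the remote host.
# An empty rhost= means the attempt was typed at a local terminal.
PAM_FAILURE = re.compile(
    r"pam_unix\((?P<service>[\w-]+):auth\): authentication failure;"
    r".*?\btty=(?P<tty>\S*) ruser=(?P<ruser>\S*) rhost=(?P<rhost>\S*)"
)


def failures_by_origin(lines):
    """Count authentication failures keyed by (service, origin)."""
    counts = Counter()
    for line in lines:
        m = PAM_FAILURE.search(line)
        if not m:
            continue  # session lines, "check pass" lines, other daemons
        if m["rhost"]:
            origin = "remote:" + m["rhost"]
        else:
            # Normalise /dev/tty4 and tty4 to the same key.
            origin = "local:" + m["tty"].rsplit("/", 1)[-1]
        counts[(m["service"], origin)] += 1
    return counts


def remote_failures(counts):
    """Keep only failures that arrived over the network."""
    return {k: n for k, n in counts.items() if k[1].startswith("remote:")}


if __name__ == "__main__":
    totals = failures_by_origin(SAMPLE_LOG.splitlines())
    for (service, origin), n in sorted(totals.items()):
        print(f"{service:6} {origin:22} {n} failure(s)")
```
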