25th November 2008, 00:55
adrenalinic

Ossec - log ssh brute force attack NOT WORK!

Hello to everybody!
(Howtoforge is my 1st forum website! - A beautiful community!)

The problem!
On my local VPS I have a problem with the logging and notification of SSH brute force attacks by the OSSEC monitor.

At first, there was a problem, a bug, with the bad ownership of btmp that created a strange log report about login failures:

sshd[9595]: Excess permission or bad ownership on file /var/log/btmp

Afterwards I "solved" it by changing the permissions and ownership of the btmp file,

chmod 600 /var/log/btmp

but now, when there is a login failure, only from an unknown user of the system, there is no log of the failed login, and obviously OSSEC doesn't notify me of an event that does not exist!

If a known user performs a bad login, the system correctly notifies me of the failed login.

I have tested this with a simulation of an SSH brute force attack.



If there is any idea, I will be happy!

Thanks!
Regards,
Josef.

Last edited by adrenalinic; 25th November 2008 at 01:01.
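
A check for the symptom described in the post, as an added example that is not part of the original post: it parses sshd lines from the auth log, separates failures for known accounts from failures for invalid users, and lists the test usernames that left no record at all. The log lines are constructed samples, and the function names (`summarize`, `unlogged_attempts`) are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in syslog format; host, PIDs, users and IPs are made up.
SAMPLE_LOG = """\
Nov 25 00:40:01 vps sshd[9595]: Excess permission or bad ownership on file /var/log/btmp
Nov 25 00:40:03 vps sshd[9595]: Failed password for root from 192.0.2.10 port 40112 ssh2
Nov 25 00:40:07 vps sshd[9601]: Invalid user test from 192.0.2.10
Nov 25 00:40:09 vps sshd[9601]: Failed password for invalid user test from 192.0.2.10 port 40120 ssh2
Nov 25 00:40:15 vps sshd[9610]: Failed password for alice from 192.0.2.10 port 40131 ssh2
"""

SSHD = re.compile(r"sshd\[\d+\]: (?P<msg>.*)$")
FAILED = re.compile(r"^Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
INVALID = re.compile(r"^Invalid user (?P<user>\S+) from (?P<ip>\S+)")
BTMP = "bad ownership on file /var/log/btmp"

def summarize(log_text):
    """Group failed-login usernames per source IP, split into known and invalid users."""
    out = {"known": defaultdict(set), "invalid": defaultdict(set), "btmp_warnings": 0}
    for line in log_text.splitlines():
        m = SSHD.search(line)
        if not m:
            continue  # not an sshd line
        msg = m.group("msg")
        if BTMP in msg:
            out["btmp_warnings"] += 1  # the warning quoted in the post
            continue
        f = FAILED.match(msg)
        if f:
            kind = "invalid" if f.group("invalid") else "known"
            out[kind][f.group("ip")].add(f.group("user"))
            continue
        i = INVALID.match(msg)
        if i:
            out["invalid"][i.group("ip")].add(i.group("user"))
    return out

def unlogged_attempts(log_text, attempted_users):
    """Return the usernames tried in a login test that left no failure record."""
    s = summarize(log_text)
    seen = set()
    for kind in ("known", "invalid"):
        for users in s[kind].values():
            seen |= users
    return sorted(set(attempted_users) - seen)

if __name__ == "__main__":
    print(unlogged_attempts(SAMPLE_LOG, ["root", "alice", "test", "nosuchuser"]))
```

Run against the real auth log after a login test, an empty result means every attempted username was logged; any name returned is an attempt that OSSEC had no log line to alert on.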