01-19-2010
There are some tools to track failed logins in ssh : denyhosts and fail2ban.
The first one tracks unsuccessful logins in /var/log/auth.log (but you can specify another file) and puts the incriminated IP in /etc/hosts.deny (after a number of tries) you can also specify your own commands to be executed.
It manages a couple of files : user-valid, user-invalid, hosts-valid, hosts-invalid...
Maybe that can be a kind of interest for you.
10 More Discussions You Might Find Interesting
1. HP-UX
I have tried limiting failed logins to three by the following method
logins -ox \ | awk -F: '($8 != "LK" && $1 != "root") { print $1 }' \ | while read logname; do
/usr/lbin/modprpw -m umaxlntr=3 "$logname"
done
/usr/lbin/modprdef -m umaxlntr=3
but it is failing on the 4th... any ideas?... (1 Reply)
Discussion started by: csaunders
1 Replies
2. Shell Programming and Scripting
Hi ,
I am pretty new to scripting, and I trying to write a script which is not working as I expect to ....
I am trying to write a script which starts from top directory and tracks all the folders and sub-folders till it reaches a file and gives the list of files as output for a given... (2 Replies)
Discussion started by: Rahul00000
2 Replies
3. Shell Programming and Scripting
Can you help me in providing the following output or a quite similar to this from a shell script ?
*** Logins Summary Information *****
----------------------------------
Failed Login Attempts for Invalid Accounts
Date Time IP-ADD Account ... (0 Replies)
Discussion started by: linuxgeek
0 Replies
4. Shell Programming and Scripting
This is the contents of my file:
donald.duck 12/07/2009 12:07:58
donald.duck 12/07/2009 12:17:36
donald.duck 12/07/2009 12:22:29
donald.duck 12/07/2009 12:26:39
donald.duck 12/07/2009 12:28:01
mickey.mouse 12/07/2009 12:48:49
mickey.mouse 12/07/2009 12:49:33
mickey.mouse 12/07/2009... (3 Replies)
Discussion started by: diallo0024
3 Replies
5. Shell Programming and Scripting
By a shell script When I am logging into hosts one by one with ssh.
I am getting below message.
Pseudo-terminal will not be allocated because stdin is not a terminal.
stty: : Invalid argument
stty: : Invalid argument
Can you please suggest what should I do to stop this?
... (10 Replies)
Discussion started by: KuldeepSinghTCS
10 Replies
6. Shell Programming and Scripting
Hi,
I need to run a script in two different login's in the same server, but it is running only in one login, i have used the corresponding PATH for each login, but still it says " not authorized to put msg in queue". (2 Replies)
Discussion started by: savithavijay
2 Replies
7. AIX
Hi All,
Any idea on how to write a script on AIX 5.3 to monitor ftp or sftp login failed.
Thanks and more power,
Itik (2 Replies)
Discussion started by: itik
2 Replies
8. Solaris
Hey all I'm having a big problem here. Someone is attempting an SSH to a destination host on which an account resides and locking the account. I'm trying to determine who is performing the SSH attempts from my host. For instance they're logged in as their standard account but then (I'm assuming)... (13 Replies)
Discussion started by: MaindotC
13 Replies
9. Solaris
Hello guys,
I made a loginlog file to register failed login attempts on my sun-blade 1500 server ( just studying at home) . The code below is how I created the file :
# touch /var/adm/loginlog
# chmod 600 /var/adm/loginlog
# chgrp sys /var/adm/loginlog
After creating the file, I... (1 Reply)
Discussion started by: cjashu
1 Replies
10. Shell Programming and Scripting
we have more then 10 jobs scheduled in cronjob.. but we can see some of the script has been changed without any notification.. can we write any script which captures any changes inside the scripts with time of change and user name like .. or any other option apart from this ??
Plz help .. (4 Replies)
Discussion started by: netdbaind
4 Replies
LEARN ABOUT V7
hosts.equiv
HOSTS.EQUIV(5) Linux Programmer's Manual HOSTS.EQUIV(5)
NAME
hosts.equiv - list of hosts and users that are granted "trusted" r command access to your system
DESCRIPTION
The file /etc/hosts.equiv allows or denies hosts and users to use the r-commands (e.g., rlogin, rsh, or rcp) without supplying a password.
The file uses the following format:
+|[-]hostname|+@netgroup|-@netgroup [+|[-]username|+@netgroup|-@netgroup]
The hostname is the name of a host which is logically equivalent to the local host. Users logged into that host are allowed to access
like-named user accounts on the local host without supplying a password. The hostname may be (optionally) preceded by a plus (+) sign. If
the plus sign is used alone, it allows any host to access your system. You can explicitly deny access to a host by preceding the hostname
by a minus (-) sign. Users from that host must always supply additional credentials, including possibly a password. For security reasons
you should always use the FQDN of the hostname and not the short hostname.
The username entry grants a specific user access to all user accounts (except root) without supplying a password. That means the user is
NOT restricted to like-named accounts. The username may be (optionally) preceded by a plus (+) sign. You can also explicitly deny access
to a specific user by preceding the username with a minus (-) sign. This says that the user is not trusted no matter what other entries
for that host exist.
Netgroups can be specified by preceding the netgroup by an @ sign.
Be extremely careful when using the plus (+) sign. A simple typographical error could result in a standalone plus sign. A standalone plus
sign is a wildcard character that means "any host"!
FILES
/etc/hosts.equiv
NOTES
Some systems will honor the contents of this file only when it has owner root and no write permission for anybody else. Some exceptionally
paranoid systems even require that there be no other hard links to the file.
Modern systems use the Pluggable Authentication Modules library (PAM). With PAM a standalone plus sign is considered a wildcard character
which means "any host" only when the word promiscuous is added to the auth component line in your PAM file for the particular service
(e.g., rlogin).
EXAMPLE
Below are some example /etc/host.equiv or ~/.rhosts files.
Allow any user to log in from any host:
+
Allow any user from host with a matching local account to log in:
host
Note: the use of +host is never a valid syntax, including attempting to specify that any user from the host is allowed.
Allow any user from host to log in:
host +
Note: this is distinct from the previous example since it does not require a matching local account.
Allow user from host to log in as any non-root user:
host user
Allow all users with matching local accounts from host to log in except for baduser:
host -baduser
host
Deny all users from host:
-host
Note: the use of -host -user is never a valid syntax, including attempting to specify that a particular user from the host is not trusted.
Allow all users with matching local accounts on all hosts in a netgroup:
+@netgroup
Disallow all users on all hosts in a netgroup:
-@netgroup
Allow all users in a netgroup to log in from host as any non-root user:
host +@netgroup
Allow all users with matching local accounts on all hosts in a netgroup except baduser:
+@netgroup -baduser
+@netgroup
Note: the deny statements must always precede the allow statements because the file is processed sequentially until the first matching rule
is found.
SEE ALSO
rhosts(5), rlogind(8), rshd(8)
COLOPHON
This page is part of release 4.15 of the Linux man-pages project. A description of the project, information about reporting bugs, and the
latest version of this page, can be found at https://www.kernel.org/doc/man-pages/.
Linux 2015-07-23 HOSTS.EQUIV(5)