
CFEngine 3 Beginner's Guide by Rajneesh


Time for action - auditing SSHD log files for break-in attempts

  1. The SSH daemon logs a message whenever a script kiddie tries to gain access to your system and is denied by the tcpwrapper rules you have already put in place. By default, the message appears in the file '/var/log/secure' and is similar to the one given below:

    Jan 2 15:33:09 sshd[32128]: refused connect from <IP_Address>

    • Now we can ask CFEngine to scan the file and log such IP addresses. These IP addresses can then be fed to your firewall rules or to any other application for detailed analysis.
  2. Let's write a promise file that scans the logs and prepares a list of rogue IP addresses which are trying to connect ...
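
The scan described in step 1, written here in Python as an added example; it is not the book's CFEngine promise file. The function names, the optional hostname field, the IPv4-mapped normalisation and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Anchored to the whole line so the phrase is honoured only where sshd itself
# writes it, not when it is echoed inside another message's text.
# Assumption: an optional hostname may precede "sshd[pid]:".
REFUSED = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} (?:\S+ )?"
    r"sshd\[\d+\]: refused connect from (\S+)\s*$"
)

def refused_sources(lines):
    """Count validated source addresses on 'refused connect' lines."""
    counts = Counter()
    for line in lines:
        m = REFUSED.match(line)
        if not m:
            continue
        try:
            addr = ipaddress.ip_address(m.group(1))
        except ValueError:
            # Not a literal address: never hand it to a firewall rule.
            continue
        # Fold ::ffff:a.b.c.d into a.b.c.d so one client is counted once.
        mapped = getattr(addr, "ipv4_mapped", None)
        counts[str(mapped or addr)] += 1
    return counts

def rogue_list(lines, threshold=1):
    """Sorted addresses refused at least `threshold` times."""
    return sorted(ip for ip, n in refused_sources(lines).items() if n >= threshold)

# Constructed sample in the format shown in step 1.
SAMPLE_LOG = """\
Jan 2 15:33:09 sshd[32128]: refused connect from 192.0.2.10
Jan 2 15:33:11 sshd[32130]: refused connect from 192.0.2.10
Jan 2 15:34:02 sshd[32141]: refused connect from ::ffff:198.51.100.7
Jan 2 15:34:40 sshd[32150]: Accepted publickey for admin from 203.0.113.5 port 50022 ssh2
Jan 2 15:35:00 sshd[32155]: refused connect from 999.1.1.1;reboot
Jan 2 15:36:12 sshd[32160]: Invalid user sshd[1]: refused connect from 203.0.113.5
""".splitlines()

if __name__ == "__main__":
    for ip, n in refused_sources(SAMPLE_LOG).most_common():
        print(f"{ip}\t{n}")
```

Validating each captured value as an address before it reaches a block list keeps malformed or echoed log text out of the firewall rules.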
