/var/log/secure issue

Protecting your Linux box

/var/log/secure issue

Postby mushtaq » Wed Jan 24, 2007 4:12 pm

Asalamualikum,

i have following in my secure log /var/log/secure

Jan 23 09:39:28 pacific sshd[24999]: Invalid user wnn from 203.167.102.190
Jan 23 09:39:28 pacific sshd[24999]: reverse mapping checking getaddrinfo for 190.102.167.203.unassigned.static.eastern-tele.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 23 09:39:30 pacific sshd[24999]: Failed password for invalid user wnn from 203.167.102.190 port 56121 ssh2
Jan 23 21:10:31 pacific sshd[27824]: Did not receive identification string from 67.15.236.19

please provide what does the above lines mean, does that means someone try to attack "through my server" or "from another server to my server".

thanks
Best regds
mushtaq
Life is just a deception from truth
mushtaq
Havaldaar
 
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

Re: /var/log/secure issue

Postby nomankhn » Wed Jan 24, 2007 5:05 pm

mushtaq wrote:Asalamualikum,

i have following in my secure log /var/log/secure

Jan 23 09:39:28 pacific sshd[24999]: Invalid user wnn from 203.167.102.190
Jan 23 09:39:28 pacific sshd[24999]: reverse mapping checking getaddrinfo for 190.102.167.203.unassigned.static.eastern-tele.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 23 09:39:30 pacific sshd[24999]: Failed password for invalid user wnn from 203.167.102.190 port 56121 ssh2
Jan 23 21:10:31 pacific sshd[27824]: Did not receive identification string from 67.15.236.19

please provide what does the above lines mean, does that means someone try to attack "through my server" or "from another server to my server".

thanks
Best regds
mushtaq


Dear mushtaq,

some body is trying to login in to your system change the port of sshd. or disable sshd

#service sshd stop
#chkconfig --levels 345 sshd off

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
nomankhn
Colonel
 
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

howto

Postby mushtaq » Wed Jan 24, 2007 5:18 pm

Thanks noman bhai

please can you tell me how to change the port for my sshd ? just guide i will do it.

best regds
mushtaq
Life is just a deception from truth
mushtaq
Havaldaar
 
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

Re: howto

Postby kbukhari » Wed Jan 24, 2007 5:33 pm

mushtaq wrote:Thanks noman bhai

please can you tell me how to change the port for my sshd ? just guide i will do it.

best regds
mushtaq



edit file /etc/ssh/sshd_config

and change Port 22 to any other
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
kbukhari
Major General
 
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Website: http://kashifbukhari.com
Location: Lahore

thanks

Postby mushtaq » Wed Jan 24, 2007 5:47 pm

Asalamualikum,

Thanks a lot brother, done.

jazak Allah Khair

Allah Hafiz
Allah Waris
Life is just a deception from truth
mushtaq
Havaldaar
 
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

Re:

Postby LinuxFreaK » Thu Jan 25, 2007 9:29 am

Dear mushtaq,
Salam,

Use below command.

# sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
# /etc/init.d/sshd restart


Best Regards.
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi

Postby lambda » Thu Jan 25, 2007 12:37 pm

that won't stop the attempts.
lambda
Major General
 
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Website: http://www.hungry.com/~fn/
Location: Lahore

i did

Postby mushtaq » Thu Jan 25, 2007 8:27 pm

Asalamualikum,

Thanks for the advise but i already changed the port as per brother noman advise.

Alhumdulilah it is better

Thanks

Best regds
mushtaq
Life is just a deception from truth
mushtaq
Havaldaar
 
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

Re:

Postby LinuxFreaK » Fri Jan 26, 2007 10:44 am

lambda wrote:that won't stop the attempts.


indeed, he should allow specific ip address on his ssh port :)
Farrukh Ahmed
LinuxFreaK
Site Admin
 
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
ICQ: 82075802
Website: http://www.linuxpakistan.net/wiki/index.php?pagename=LinuxFreak
WLM: f4fahmed@hotmail.com
Yahoo Messenger: f4fahmed@yahoo.com
AOL: linuxpakistan@aol.com
Location: Karachi


Return to “%s” Security

Who is online

Users browsing this forum: No registered users and 1 guest

cron