/var/log/secure issue

Protecting your Linux box
Post Reply
mushtaq
Havaldaar
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

/var/log/secure issue

Post by mushtaq »

Asalamualikum,

i have following in my secure log /var/log/secure

Jan 23 09:39:28 pacific sshd[24999]: Invalid user wnn from 203.167.102.190
Jan 23 09:39:28 pacific sshd[24999]: reverse mapping checking getaddrinfo for 190.102.167.203.unassigned.static.eastern-tele.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 23 09:39:30 pacific sshd[24999]: Failed password for invalid user wnn from 203.167.102.190 port 56121 ssh2
Jan 23 21:10:31 pacific sshd[27824]: Did not receive identification string from 67.15.236.19

please provide what does the above lines mean, does that means someone try to attack "through my server" or "from another server to my server".

thanks
Best regds
mushtaq
Life is just a deception from truth
nomankhn
Colonel
Posts: 714
Joined: Wed Aug 07, 2002 8:00 pm

Re: /var/log/secure issue

Post by nomankhn »

mushtaq wrote:Asalamualikum,

i have following in my secure log /var/log/secure

Jan 23 09:39:28 pacific sshd[24999]: Invalid user wnn from 203.167.102.190
Jan 23 09:39:28 pacific sshd[24999]: reverse mapping checking getaddrinfo for 190.102.167.203.unassigned.static.eastern-tele.com failed - POSSIBLE BREAKIN ATTEMPT!
Jan 23 09:39:30 pacific sshd[24999]: Failed password for invalid user wnn from 203.167.102.190 port 56121 ssh2
Jan 23 21:10:31 pacific sshd[27824]: Did not receive identification string from 67.15.236.19

please provide what does the above lines mean, does that means someone try to attack "through my server" or "from another server to my server".

thanks
Best regds
mushtaq
Dear mushtaq,

some body is trying to login in to your system change the port of sshd. or disable sshd

#service sshd stop
#chkconfig --levels 345 sshd off

Regards
Noman Liaquat Khanzada Rajput
Linux means productivity and fun.
We all love Linux, but it's also a fact that some people might not be able to migrate.
mushtaq
Havaldaar
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

howto

Post by mushtaq »

Thanks noman bhai

please can you tell me how to change the port for my sshd ? just guide i will do it.

best regds
mushtaq
Life is just a deception from truth
kbukhari
Major General
Posts: 1222
Joined: Sat Dec 31, 2005 12:29 am
Location: Lahore
Contact:

Re: howto

Post by kbukhari »

mushtaq wrote:Thanks noman bhai

please can you tell me how to change the port for my sshd ? just guide i will do it.

best regds
mushtaq

edit file /etc/ssh/sshd_config

and change Port 22 to any other
--
Syed Kashif Ali Bukhari
+92-345-8444420
http://sysadminsline.com
http://kashifbukhari.com
mushtaq
Havaldaar
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

thanks

Post by mushtaq »

Asalamualikum,

Thanks a lot brother, done.

jazak Allah Khair

Allah Hafiz
Allah Waris
Life is just a deception from truth
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

Dear mushtaq,
Salam,

Use below command.

# sed -i 's/#Protocol 2,1/Protocol 2/' /etc/ssh/sshd_config
# /etc/init.d/sshd restart


Best Regards.
Farrukh Ahmed
lambda
Major General
Posts: 3452
Joined: Tue May 27, 2003 7:04 pm
Location: Lahore
Contact:

Post by lambda »

that won't stop the attempts.
mushtaq
Havaldaar
Posts: 144
Joined: Sat Jul 01, 2006 10:55 am
Location: karachi

i did

Post by mushtaq »

Asalamualikum,

Thanks for the advise but i already changed the port as per brother noman advise.

Alhumdulilah it is better

Thanks

Best regds
mushtaq
Life is just a deception from truth
LinuxFreaK
Site Admin
Posts: 5132
Joined: Fri May 02, 2003 10:24 am
Location: Karachi
Contact:

Re:

Post by LinuxFreaK »

lambda wrote:that won't stop the attempts.
indeed, he should allow specific ip address on his ssh port :)
Farrukh Ahmed
Post Reply