How to block attackers automatically with /etc/hosts.deny (Different Services)

**foster04** · 20th April 2012, 01:10 AM

[root@cisco-ccna scripts]# cat /etc/rsyslog.d/50-default.conf | grep auth
cat: /etc/rsyslog.d/50-default.conf: No such file or directory
[root@cisco-ccna scripts]# ls /var/log/
boot.log cron dmesg.old httpd maillog mysqld.log secure tallylog wtmp
btmp dmesg fail2ban.log lastlog messages samba spooler vsftpd.log yum.log
[root@cisco-ccna scripts]#

I am doomed

**foster04** · 20th April 2012, 01:42 AM

Looks like i'm doomed

[root@cisco-ccna /]# cat /etc/rsyslog.d/50-default.conf | grep auth
cat: /etc/rsyslog.d/50-default.conf: No such file or directory
[root@cisco-ccna /]# ls /var/log/
boot.log cron dmesg.old httpd maillog mysqld.log secure tallylog wtmp
btmp dmesg fail2ban.log lastlog messages samba spooler vsftpd.log yum.log
[root@cisco-ccna /]#

Maybe i should be working on a Dedicated environment, and not a VM....

**Rahul.Patil** · 20th April 2012, 10:06 AM

sorry , that's my mistake "/etc/rsyslog.d/50-default.conf" this file is available in Ubuntu base system. i have installed rsyslogd in my centos and checked the auth logs store in /var/log/secure and /var/log/messages

**Rahul.Patil** · 20th April 2012, 12:17 PM

Hi,

you can use Fail2ban is a similar program that prevents brute force attacks against SSH / VSFTPD.
for more information link

Thread: How to block attackers automatically with /etc/hosts.deny (Different Services)

Thread Tools

Display

Thread Information

Users Browsing this Thread

Similar Threads

NGINX: Block files and extensions with deny all

deny arpspoof using iptables

SSH vs. Hosts.Allow!

Linux howto allow or deny access by IP address

Sendmail control incoming email to accept, deny, or relay

Posting Permissions