Thursday 8 May 2008

Keeping an Eye on Things

To keep an eye on servers, systems administrators often make use of
various monitoring tools. For example, wired makes use of programs such
as logcheck, integrit and tiger. These are all valuable tools: they check
the system logs (logcheck), file changes (integrit) and system changes
(tiger), any of which can suggest an intrusion has occurred.

Being useful tools, they also tend to e-mail the administration team
with regular updates. The downside: they can do it several times a day.
For example, my inbox currently has various messages along the lines of

May  7 23:03:40 wired sshd[304]: error: PAM: Permission denied for illegal user root from aaa.bbb.com

Ah, the joy of botnets. I know this is the downside of such tools, but
it is something I will have to put up with as we look out for real
problems that are within our control.
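As an added example (not code from the original post), here is a small Python script that condenses sshd/PAM failure lines like the one quoted above into one summary per source host, so a bot walking a username list shows up as a single entry rather than one mail per attempt. The sample log lines are constructed for the example (the first is the one quoted above), and the regular expression's tolerance of other PAM failure wordings and the scanner thresholds are my assumptions, not logcheck's rules.

```python
"""Summarise sshd/PAM authentication failures by source host.

Added example, not from the original post: condenses per-line failure
mails into one entry per source so bot traffic is visible at a glance.
"""
import re
from collections import defaultdict

# Matches the sshd/PAM failure line quoted in the post. The reason text and
# the optional "illegal user " prefix are matched loosely (assumption: other
# PAM failure wordings keep the same "... for USER from HOST" shape).
FAILED_LOGIN_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"error: PAM: (?P<reason>.+?) for (?:(?P<illegal>illegal user) )?"
    r"(?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample log: one bot walking a user list, one single probe, one
# genuine user who mistyped a password before logging in, plus unrelated noise.
SAMPLE_LOG = """\
May  7 23:03:40 wired sshd[304]: error: PAM: Permission denied for illegal user root from aaa.bbb.com
May  7 23:03:42 wired sshd[306]: error: PAM: Permission denied for illegal user admin from aaa.bbb.com
May  7 23:03:45 wired sshd[308]: error: PAM: Permission denied for illegal user test from aaa.bbb.com
May  7 23:03:47 wired sshd[310]: error: PAM: Permission denied for illegal user oracle from aaa.bbb.com
May  7 23:10:02 wired sshd[340]: error: PAM: Permission denied for illegal user root from 192.0.2.10
May  7 23:15:11 wired sshd[355]: error: PAM: Permission denied for alice from 198.51.100.7
May  7 23:15:20 wired sshd[355]: Accepted publickey for alice from 198.51.100.7 port 51234 ssh2
May  7 23:16:00 wired cron[400]: (root) CMD (run-parts /etc/cron.hourly)
"""


def parse_failures(lines):
    """Yield (source, user, is_illegal_user) for each matching failure line."""
    for line in lines:
        m = FAILED_LOGIN_RE.match(line.rstrip("\n"))
        if m:
            yield m.group("src"), m.group("user"), m.group("illegal") is not None


def summarise(lines):
    """Aggregate failures per source: attempt count, distinct users, illegal-user count."""
    summary = defaultdict(lambda: {"attempts": 0, "users": set(), "illegal": 0})
    for src, user, illegal in parse_failures(lines):
        entry = summary[src]
        entry["attempts"] += 1
        entry["users"].add(user)
        entry["illegal"] += int(illegal)
    # Sorted user lists keep the output stable and easy to diff day to day.
    return {src: {"attempts": e["attempts"], "users": sorted(e["users"]),
                  "illegal": e["illegal"]}
            for src, e in summary.items()}


def classify(summary, min_attempts=3, min_users=2):
    """Split sources into dictionary-style scanners and everything else.

    Thresholds are illustrative assumptions: a host trying several distinct
    usernames is almost certainly a bot, while a lone failure from one host
    may be a colleague with a typo and deserves a closer look.
    """
    scanners = sorted(s for s, e in summary.items()
                      if e["attempts"] >= min_attempts and len(e["users"]) >= min_users)
    others = sorted(s for s in summary if s not in scanners)
    return scanners, others


def report(lines):
    """Return the condensed report as a list of text lines."""
    summary = summarise(lines)
    scanners, others = classify(summary)
    out = [f"{len(scanners)} scanning host(s):"]
    for src in scanners:
        e = summary[src]
        out.append(f"  {src}: {e['attempts']} attempts, {len(e['users'])} users "
                   f"({', '.join(e['users'])})")
    out.append(f"{len(others)} other source(s) with failures:")
    for src in others:
        e = summary[src]
        out.append(f"  {src}: {e['attempts']} attempt(s) as {', '.join(e['users'])}")
    return out


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG.splitlines())))
```

Run once a day over the auth log (or over the lines a logcheck mail would otherwise send) and the dictionary attacks collapse into a single line each, while the odd single failure from a real user's address is still listed where someone will read it.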

P.S. The root account is disabled for remote login if you're feeling bored / silly enough to try it.

1 comment:

  1. Debian and OpenSSL - UPDATE

    Kieran has informed me that we are no longer susceptible to the risk posed by the Debian OpenSSL issue now that the machine starfm is updated. On reflection, it seems like a stupid bug to induce through editing code you don't...
