Logs of TCP Wrappers
Hi All,
I have a CENTOS 5.5 boxes. I want to block all ssh services to domain test.com. For this, I have made the below entry in /etc/host.deny Code:
sshd : .test.com \ : spawn /bin/echo `/bin/date` access denied>>/var/log/sshd.log Code:
Wed Jan 26 21:06:10 IST 2011 access denied Is there any other log file for TCP Wrappers, there were no logs in /var/log/messages. Code:
# tail -f /var/log/messages -f /var/log/sshd.log |
RHEL-based system?
On systems where sshd(8) is compiled with libwrap.so (tcp wrappers), the logging goes to the same place as sshd logging. On RHEL systems, that would be /var/log/secure. |
Quote:
I forgot to write by OS name, have edited it now. I know I can find out this info in /var/log/secure, but other logs would also be logged in it. I was just curious to know if we have any such option in TCP wrappers to just log for one rule. Thanks for your time. |
Try:
Code:
sshd : .test.com \ : spawn /bin/echo `/bin/date` access denied for %u on host %a>>/var/log/sshd.log |
Quote:
Hi frndrfoe, Many thanks ! It helped me to find the IP which is trying to ssh but not the username. Now, I am getting the below logs Code:
[root@gateway ~]# tail -5f /var/log/sshd.log |
Does /var/log/secure have a corresponding failure entry with a username?
from man hosts.allow %u The client user name (or "unknown"). |
Yes it has an entry but not of username. :(
|
All times are GMT -5. The time now is 07:50 PM. |