Root Check Published: Aug 25, 2004
  • Rating

    5/5

For anyone using LogWatch and is worried about sshd Authentication Failures then you need to understand that there are thousands of robots and scripts that will scan random IPs for easy login access to servers. This is nothing to worry about.

Logwatch Authentication Failures

sshd:
Authentication Failures:
unknown (202.172.251.200): 251 Time(s)
Invalid Users:
Unknown Account: 499 Time(s)

All you need to do is block the IP that’s scanning your system. You can
do this automatically by following my tutorial on Preventing Brute Force
Attacks http://www.webhostgear.com/240.html

Changing your SSH port number will sometimes help for scanners that are
not targetted but anyone can still do a port scan and run the bot on the
different port. Blocking them with your firewall is be best method.

Once BFD and APF are setup you dont’ need to worry about LogWatch
Authentication Failures anymore.

Steve

  • Rating

    5/5

Related Articles

Comments (12)

  • Gravatar - domper
    domper 22:43, August 28, 2004
    Can I install rootcheck if I have directadmin as web control panel on my server?.
  • Gravatar - WHG - Steve
    WHG - Steve 21:39, August 29, 2004
    Yes, the type of control panel shouldn't matter.
  • Gravatar - vijay kumar
    vijay kumar 12:41, September 19, 2004
    very nice tutorial thanks i tried and found it very useful
  • Gravatar - ParisDNS
    ParisDNS 10:30, May 18, 2005
    Got error when rnning ./rootcheck.pl :<br />
    <br />
    Can't locate IO/Interface.pm in @INC (@INC contains: /usr/lib/perl5/5.8.6/i686-linux /usr/lib/perl5/5.8.6 /usr/lib/perl5/site_perl/5.8.6/i686-linux /usr/lib/perl5/site_perl/5.8.6 /usr/lib/perl5/site_perl/5.8.0 /usr/lib/perl5/site_perl .) at mods/checkif.pm line 22.<br />
    BEGIN failed--compilation aborted at mods/checkif.pm line 22.<br />
    Compilation failed in require at ./rootcheck.pl line 60.
  • Gravatar - Hesham
    Hesham 22:07, November 20, 2005
    The provided URL is not working!
  • Gravatar - sinangunay
    sinangunay 09:03, December 17, 2005
    Because new version is avaliable, and changed the usage of script.<br />
    please try, http://ossec.underlinux.com.br/rootcheck/<br />
  • Gravatar - codeunix
    codeunix 18:22, July 14, 2006
    the new url link is:<br />
    wget http://www.ossec.net/rootcheck/files/rootcheck-0.7.tar.gz
  • Gravatar - cyberspace
    cyberspace 08:20, November 6, 2006
    ParisDNS, you need to install the perl module called IO::Interface
  • Gravatar - Brendan RTG
    Brendan RTG 07:26, January 9, 2007
    root@jade [/downloads]# tar -xvzf rootcheck-0.4.tar.gz<br />
    <br />
    gzip: stdin: not in gzip format<br />
    tar: Child returned status 1<br />
    tar: Error exit delayed from previous errors<br />
    root@jade [/downloads]#<br />
  • Gravatar - Rudi
    Rudi 11:36, February 1, 2007
    Does anyone run the check via cron? And if so, how often?
  • Gravatar - Rich
    Rich 15:04, July 31, 2009
    404 error<br />
    wget http://www.ossec.net/rootcheck/files/rootcheck-0.4.tar.gz<br />
    Is not found ?<br />
    <br />
    Thanks<br />
  • Gravatar - Jim
    Jim 16:26, September 3, 2009
    Updated shell commands:<br />
    <br />
    Installing and Running Rootcheck from Shell:<br />
    <br />
    wget http://www.ossec.net/rootcheck/files/rootcheck-2.0.tar.gz <br />
    # tar -zxvf rootcheck-2.0.tar.gz<br />
    # cd rootcheck-2.0<br />
    # make all<br />
    # ./ossec-rootcheck

Add Your Thoughts

WebHostGear.com is a hosting directory, not a web host.

Copyright © 1998-2015 WebHostGear.com