Menu
▾
▴
Re: [SSHGuard-users] Increasing danger level?
|
From: @lbutlr <kr...@kr...> - 2019-10-27 16:59:53
|
On 26 Oct 2019, at 04:51, Christopher Engelhard <ce...@lc...> wrote: > However, if you're OK with building sshguard yourself, it's not too > difficult to add these additional rules to your local version. Have a > look at attack_(parser.y|scanner.l) in the linked PR as a guide to the > necessary changes. > > [1] > https://bitbucket.org/robohack/sshguard/commits/43c8542552e8f5a3413d5c5984555bea4d77bb7e?at=master Thanks. Grabbed that and am hoping to add it in. However, there’s a long list of usernames that would be appropriate on my systems for this beyond root. Admin, postmaster, toor, postfix, mysql, and many many others that are attempted all the time. In fact, a mechanism in sshguard that increased the danger or decreased the threshold for non-existent accounts would be great. -- "It's like those French have a different word for *everything*" - Steve Martin |
