From: Christopher E. <ce...@lc...> - 2019-10-27 19:31:55
On 27.10.19 17:59, @lbutlr wrote:
> However, there’s a long list of usernames that would be appropriate on my systems for this beyond root. Admin, postmaster, toor, postfix, mysql, and many many others that are attempted all the time.

You could treat attacks with invalid or disallowed-by-ssh usernames more severely: Sshguard assigns all matches for invalid or disallowed users the token 'ssh_illegaluser', so instead of creating your own match, you could increase the severity of that.

To set the danger level to <number>, in attack_parser.y, line 211, change

    ssh_illegaluser

to

    ssh_illegaluser { attack->dangerousness = <number>; }

That should do the trick.
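
The following is an added example, not part of the original message and not sshguard source code. It models the effect of the change described above: each matched attack adds its dangerousness to a per-address total, and raising the value for invalid-user matches makes such a source reach the blocking threshold in fewer attempts. The threshold of 30, the default score of 10, the helper names and the log lines are assumptions constructed for illustration.

```c
/* Added illustration: per-attack "dangerousness" accumulating toward a block. */
#include <stdio.h>
#include <string.h>

#define THRESHOLD 30       /* assumed blocking threshold */
#define DEFAULT_DANGER 10  /* assumed score for an ordinary failed login */

/* Constructed sample sshd log lines (documentation address ranges). */
static const char *SAMPLE_LOG[] = {
    "Failed password for root from 198.51.100.7 port 40022 ssh2",
    "Invalid user admin from 203.0.113.5 port 51514",
    "Failed password for root from 198.51.100.7 port 40024 ssh2",
    "Invalid user toor from 203.0.113.5 port 51520",
    "Failed password for root from 198.51.100.7 port 40026 ssh2",
};
#define NLINES (sizeof SAMPLE_LOG / sizeof SAMPLE_LOG[0])

/* Score one line: invalid-user matches get illegal_danger, other failures the default. */
static int score_line(const char *line, int illegal_danger) {
    if (strstr(line, "Invalid user ")) return illegal_danger;
    if (strstr(line, "Failed password ")) return DEFAULT_DANGER;
    return 0;
}

/* 1-based index of the log line at which addr reaches THRESHOLD, or 0 if never. */
static int blocked_at(const char *addr, int illegal_danger) {
    char needle[64];
    int total = 0;
    /* Surrounding spaces stop 203.0.113.5 from matching 203.0.113.50. */
    snprintf(needle, sizeof needle, " from %s ", addr);
    for (size_t i = 0; i < NLINES; i++) {
        if (!strstr(SAMPLE_LOG[i], needle)) continue;
        total += score_line(SAMPLE_LOG[i], illegal_danger);
        if (total >= THRESHOLD) return (int)i + 1;
    }
    return 0;
}

int main(void) {
    printf("default weight: invalid-user source blocked at line %d\n",
           blocked_at("203.0.113.5", DEFAULT_DANGER));
    printf("raised weight:  invalid-user source blocked at line %d\n",
           blocked_at("203.0.113.5", 30));
    printf("root guesser blocked at line %d\n", blocked_at("198.51.100.7", 30));
    return 0;
}
```

With the default weight the invalid-user source is still unblocked after two attempts; with the weight raised to the threshold it is blocked on its first attempt, while ordinary failed logins keep their usual count.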