bon, je n'ai pas encore trouvé le pourquoi ....
autre petit souci, j'ai eu droit à une attaque de type brute force.
[root@mandriva log]# grep Invalid auth.log
May 11 21:04:24 mandriva sshd[7212]: Invalid user admin from 88.33.202.155
May 11 21:04:36 mandriva sshd[7216]: Invalid user stud from 88.33.202.155
May 11 21:04:42 mandriva sshd[7218]: Invalid user trash from 88.33.202.155
May 11 21:04:52 mandriva sshd[7220]: Invalid user aaron from 88.33.202.155
May 11 21:04:58 mandriva sshd[7222]: Invalid user gt05 from 88.33.202.155
May 11 21:05:04 mandriva sshd[7224]: Invalid user william from 88.33.202.155
May 11 21:05:11 mandriva sshd[7226]: Invalid user stephanie from 88.33.202.155
May 11 21:05:49 mandriva sshd[7238]: Invalid user gary from 88.33.202.155
May 11 21:06:02 mandriva sshd[7243]: Invalid user guest from 88.33.202.155
May 11 21:06:08 mandriva sshd[7245]: Invalid user test from 88.33.202.155
May 11 21:06:14 mandriva sshd[7247]: Invalid user oracle from 88.33.202.155
May 11 21:09:01 mandriva sshd[7398]: Invalid user lab from 88.33.202.155
May 11 21:09:14 mandriva sshd[7413]: Invalid user oracle from 88.33.202.155
May 11 21:09:20 mandriva sshd[7415]: Invalid user svn from 88.33.202.155
May 11 21:09:26 mandriva sshd[7418]: Invalid user iraf from 88.33.202.155
May 11 21:09:33 mandriva sshd[7420]: Invalid user swsoft from 88.33.202.155
May 11 21:09:39 mandriva sshd[7422]: Invalid user production from 88.33.202.155
May 11 21:09:45 mandriva sshd[7424]: Invalid user guest from 88.33.202.155
May 11 21:09:51 mandriva sshd[7426]: Invalid user gast from 88.33.202.155
May 11 21:09:58 mandriva sshd[7428]: Invalid user gast from 88.33.202.155
May 11 21:10:04 mandriva sshd[7430]: Invalid user oliver from 88.33.202.155
May 11 21:10:10 mandriva sshd[7432]: Invalid user sirsi from 88.33.202.155
May 11 21:10:16 mandriva sshd[7434]: Invalid user nagios from 88.33.202.155
May 11 21:10:26 mandriva sshd[7436]: Invalid user nagios from 88.33.202.155
May 11 21:10:32 mandriva sshd[7438]: Invalid user nagios from 88.33.202.155
May 11 21:10:38 mandriva sshd[7440]: Invalid user nagios from 88.33.202.155
May 11 21:10:45 mandriva sshd[7443]: Invalid user backuppc from 88.33.202.155
May 11 21:10:51 mandriva sshd[7445]: Invalid user wolfgang from 88.33.202.155
May 11 21:10:57 mandriva sshd[7448]: Invalid user vmware from 88.33.202.155
May 11 21:11:03 mandriva sshd[7450]: Invalid user stats from 88.33.202.155
May 11 21:11:10 mandriva sshd[7452]: Invalid user kor from 88.33.202.155
[root@mandriva log]#
je sais le pourquoi je pense, j'avais commis une grosse bévue dans mes règles iptables
les quelques règles élémentaires de sécurité que j'avais introduites ont fonctionné.
pourtant je m'interroge sur fail2ban que j'avais installé et correctement configuré (enfin je crois), et qui ne m'indique aucun message dans les logs.
merci.
quelques infos glânées :
System: Monitoring the fail2ban log
http://www.the-art-of-web.com/system/fail2ban-log/
quelques idées :
http://ubuntuforums.org/showthread.php?t=444157
quelques commandes utiles :
# netstat -tulpn | grep :22
# /usr/sbin/sshd -t
--
Un Linux, c'est bien ...........plein de Linux, c'est mieux !
Debian lenny // Fedora 2.6.24.5-85.fc8 // Gentoo 2.6.24-gentoo-r7 // Mandriva 2007.1 Spring
