Security Run Output E-mail

jan gestre freebsd.ph at gmail.com
Fri Jul 21 18:06:21 UTC 2006


On 7/20/06, PATRICK CARTER <pcarter at jhu.edu> wrote:
>
> I'm relatively new to FreeBSD (~6 months of usage) and I have been
> administering my own system for approximately the last 2 months.  Recently
> my system has received many ssh login attempts on standard user accounts as
> someone has been attempting to break into my system.  I usually read the
> Security Run Output e-mails to see if the attacker(s) had made any headway,
> and took necessary precautions (limiting ssh logins etc).  However, last
> week (after it seemed that the attacks had let up somewhat) I stopped
> receiving the e-mails (as well as the daily run output e-mails).  I still
> read the auth.log file to see login information and it did not appear as
> though anyone had successfully managed to break into the system.  Today
> both sets of e-mails started again and I received the e-mails for today and
> yesterday (I am still missing 5 days' worth and one weekly run output).  I
> was wondering if anyone might know how to ensure that I continue to receive
> these e-mails without interruption.
>
> If it matters (and I suspect it does) I have all my root e-mails aliased
> to a locked, nologin dummy account that forwards e-mail to my account, my
> boss' account, and retains a copy in the dummy account (.forward was not
> working to forward root's mail).  Root's mail client is set to read the
> dummy account inbox as well as anything that somehow winds up in the regular
> root mailbox.  This setup worked fine until the e-mails stopped last week
> (none of the listed accounts received the e-mail).
>
> Any advice would be greatly appreciated.
>

Those script kiddies do let up sometimes you know :D , using brute force I
guess. As long as your users' passwords aren't dictionary words then you
have nothing to worry about. And also set the AllowUsers directive, allowing
only admins.

HTH
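
The manual auth.log review described in the thread can be scripted. The following is an added example, not part of either poster's message: it counts failed sshd password attempts per source address and flags any accepted login from an address that had failed earlier in the log. The function names, the output tags (FAILED, ACCEPTED, SUSPECT) and the sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): summarise sshd entries of an auth.log.

# Constructed sample lines in the usual sshd syslog format (documentation IPs).
sample_log() {
cat <<'EOF'
Jul 20 03:12:45 host sshd[1234]: Failed password for invalid user admin from 203.0.113.5 port 4321 ssh2
Jul 20 03:12:47 host sshd[1235]: Failed password for root from 203.0.113.5 port 4322 ssh2
Jul 20 03:12:50 host sshd[1236]: Failed password for invalid user from from 203.0.113.5 port 4323 ssh2
Jul 20 03:13:01 host sshd[1240]: Accepted password for alice from 198.51.100.7 port 5000 ssh2
Jul 20 03:14:00 host sshd[1250]: Accepted password for test from 203.0.113.5 port 5555 ssh2
Jul 20 03:15:10 host sshd[1260]: Failed password for root from 192.0.2.44 port 6000 ssh2
EOF
}

# summarize_auth: reads log lines on stdin and prints
#   ACCEPTED <user> <ip>   successful login, no earlier failures from <ip>
#   SUSPECT  <user> <ip>   successful login from an address that failed earlier
#   FAILED   <count> <ip>  total failed password attempts per address
summarize_auth() {
  awk '
    # The source address is the field after the LAST "from" that is followed
    # by "port", so a remote-chosen username such as "from" cannot shift it.
    function src_index(   i) {
      for (i = NF - 2; i >= 1; i--)
        if ($i == "from" && $(i + 2) == "port") return i
      return 0
    }
    /sshd\[[0-9]+\]: Failed password for / {
      k = src_index()
      if (k > 0) failed[$(k + 1)]++
      next
    }
    /sshd\[[0-9]+\]: Accepted [^ ]+ for / {
      k = src_index()
      if (k == 0) next
      ip = $(k + 1); user = $(k - 1)
      tag = (ip in failed) ? "SUSPECT" : "ACCEPTED"
      print tag, user, ip
      next
    }
    END { for (ip in failed) print "FAILED", failed[ip], ip }
  '
}

# Demo on the constructed sample; on a real host: summarize_auth < /var/log/auth.log
sample_log | summarize_auth
```

A SUSPECT line is the case worth reading first: it means a password guess may have succeeded, or a legitimate user mistyped a password from the same address.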

