upgraded to v3.01 and now the server doesn't mails the login alert,
happening on 2 of my servers
csf log shows:-
Sun Jan 5 07:45:49 2008 lfd: *SSH login* from xx.xx.119.245 into the root account using password authentication - ignored
nothing else has been changed on the server.
on other boxes running older versions still send alerts properly.
any solutions ?
root ssh alert ignored ????
thanks for the reply, iam not an expert but think this option is expecting any of IP in relayhost as trusted user.chirpy wrote:lfd will ignore any ip's that you have listed in csf.ignore, any global ignore file is setup and any ip in /etc/relayhosts at the time if you have the RELAYHOSTS option enabled.
ignoring the IP in /etc/relayhosts can be risky cause if a spammer who compromised an account and sent any mails, and later gains ssh access anyhow, can do enough harm as ADMIN is not notified.
please check on that too,
regards,
p
-
mediastock4u
- Junior Member
- Posts: 2
- Joined: 08 Jan 2008, 21:31
Hi.
This is very contradictory.
You either disable relay-hosts and suddenly and you get the warning and also make your security score go down, or you enable it and cant see who is logging into the server via SSH. I have tried to delete the IP's from the etc/relayhosts log and as soon as i login via ssh, it reputs those ips there.
Can this bug be fixed ASAP.
Cheers,
This is very contradictory.
You either disable relay-hosts and suddenly and you get the warning and also make your security score go down, or you enable it and cant see who is logging into the server via SSH. I have tried to delete the IP's from the etc/relayhosts log and as soon as i login via ssh, it reputs those ips there.
Can this bug be fixed ASAP.
Cheers,
-
mediastock4u
- Junior Member
- Posts: 2
- Joined: 08 Jan 2008, 21:31
