Hello,
I try to securise a bit more my box.
I’d like to do 2 thinks.
1- Automaticly deny a host who’s trying to connect more than n times in n minutes.
For example in my log I have a host who’s tried to connect to ftp server more than 40 times in few minutes with a different username.
2- Allow SSH root acces to only few host (..domain.com)
I know the hosts allow and deny but how configure it for these 2 cases ?
for case 2 I don’t know how to specify the userlogin in the file
ex:
hosts.deny :
sshd :
ALL:all \ ==> how to say for userlogin ROOT
spawn /bin/echo /bin/date from %h>>/var/log/ssh.log
hosts.allow
sshd
ALL : ..domain1.com ==> how to say for userlogin ROOT
thanks for your help