Here is an example of the automatic e-mail you get when yet another "smart aleck" tries to pull something shady on my server:
Code:
OSSEC HIDS Notification.
2009 Jun 03 01:59:34
Received From: s15327960->/var/log/messages
Rule: 3911 fired (level 10) -> "Multiple connection attempts from same source."
Portion of the log(s):
Jun 3 01:59:34 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:30 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:27 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:24 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:21 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:17 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:14 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:11 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:07 s15327960 pop3d: Connection, ip=[196.217.144.149]
Jun 3 01:59:04 s15327960 pop3d: Connection, ip=[196.217.144.149]
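
An added example, not part of the original post and not OSSEC's own code: a minimal sliding-window check that flags a source IP once it opens many pop3d connections in a short time, which is the kind of correlation the alert above reports. The threshold (10 connections in 60 seconds), the function name `find_bursts`, the host name `mailhost` and the sample addresses are assumptions made for illustration, not the settings of rule 3911.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches lines in the format shown in the alert: "<syslog time> <host> pop3d: Connection, ip=[<addr>]"
LINE_RE = re.compile(
    r"^(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ pop3d: Connection, ip=\[([^\]]+)\]"
)

def find_bursts(lines, threshold=10, window=timedelta(seconds=60), year=2009):
    """Return {ip: time of the connection that first reached `threshold` within `window`}.

    Syslog timestamps carry no year, so the caller supplies one.
    """
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group(2)))  # drop malformed addresses
        except ValueError:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        events.append((ts, ip))

    recent = defaultdict(deque)  # per-source timestamps still inside the window
    alerts = {}
    for ts, ip in sorted(events):  # alert e-mails list newest first, so sort by time
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerts:
            alerts[ip] = ts
    return alerts

# Constructed sample (documentation addresses): ten connections three seconds
# apart from one source, plus two unrelated connections, newest first.
SAMPLE = [
    "Jun  3 02:10:00 mailhost pop3d: Connection, ip=[198.51.100.7]",
    *[f"Jun  3 01:59:{s:02d} mailhost pop3d: Connection, ip=[192.0.2.10]"
      for s in range(31, 3, -3)],
    "Jun  3 01:58:00 mailhost pop3d: Connection, ip=[198.51.100.7]",
]

if __name__ == "__main__":
    for ip, when in find_bursts(SAMPLE).items():
        print(f"{when:%b %d %H:%M:%S} multiple connection attempts from {ip}")
```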