[vox-tech] Why change default ssh port?
Rick Moen
rick at linuxmafia.com
Fri Jun 16 16:50:14 PDT 2006
Quoting Ryan (cjg5ehir02 at sneakemail.com):
> I run SSH on a port that is not 22 as well, for the simple reason that I do
> not want to see the infernal bot probings show up in my log files on boxes
> that I cannot firewall to only allow access from specific networks.
This and your other point are of course well taken (and appreciated).
It's occurred to me over the years, though, that reading the logfiles
raw never really was the way to go. Or rather, if you are going to do
that, you'd need to tweak what gets logged and what doesn't. Since it's
actually easier to filter one's _analysis_ of system logs rather than
the raw logs themselves, I tend to do the latter.
E.g., a bit of work on the /etc/logcheck/cracking.ignore.d directory,
and setting "SUPPORT_CRACKING_IGNORE=1" in /etc/logcheck/logcheck.conf,
will do wonders to both reduce low-significance data and help highlight
anything that really _does_ matter.
A well-tuned logcheck report is very much your friend.
More information about the vox-tech
mailing list