Message Log "OverLoad", results; mail/mysql stoppage.

miklr

Guest
Can anyone give me any ideas as to how to eliminate the constant problem of the message log file in the /var/log directory becoming so large from brute force attempts logging errors that it immobilizes my (dv) due to server drive space limits?

Thanks (in advance) for any help,

miq.r.
 
What OS are you running? If it is a RH flavor then logrotate will rotate the messages logfile out on a weekly basis.

Also what are they attacking, ssh? Personally, I would move ssh to a non-standard port. I don't know about you, but I never give users access via ssh -- so I just changed the port.
 
Thanks for the reply,

I am running RedHat.

The only problem with rotating log files is that the message log spins up within an hour and locks up services, way before any rotation would solve it.

Changing the ssh port is a good solution, but I'm not quite sure how to do that.

miq.r.
 
It sounds like you have a deliberate attack. Is it all consistently on one service? Is it all from one particular IP?

If it is coming from the same user then firewall them. For sshd, you would modify /etc/ssh/sshd_config and change the ListenAddress to 0.0.0.0:2322 (or whatever port you want to use). ListenAddress may be commented out. You would need to restart sshd for it to take effect.
 
Thanks 'wagnerch', I think I'll try just setting my logrotate config file to rotate after it reaches a size limit.

miq.r.
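
The questions raised in the thread (is it all on one service, is it all from one IP?) can be answered directly from the log. The script below is an added example, not part of any poster's reply: it tallies syslog lines per program and sshd failed-password lines per source address. The sample lines are constructed and use documentation addresses, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample lines in classic syslog format (documentation IP ranges).
sample_log() {
cat <<'EOF'
Mar  3 04:12:01 host sshd[2211]: Failed password for invalid user admin from 192.0.2.10 port 40022 ssh2
Mar  3 04:12:03 host sshd[2213]: Failed password for root from 192.0.2.10 port 40031 ssh2
Mar  3 04:12:05 host sshd[2215]: Failed password for invalid user from from 198.51.100.7 port 51234 ssh2
Mar  3 04:12:06 host sshd[2217]: Failed password for root from 192.0.2.10 port 40040 ssh2
Mar  3 04:12:09 host xinetd[901]: START: smtp pid=2220 from=203.0.113.5
EOF
}

# Lines per program tag (5th syslog field with "[pid]:" stripped), busiest first.
by_service() {
    awk '{ tag = $5; sub(/\[.*/, "", tag); sub(/:$/, "", tag); n[tag]++ }
         END { for (t in n) print n[t], t }' "$1" | sort -k1,1nr -k2,2
}

# sshd "Failed password" lines per source address, busiest first.
# The attempted user name is attacker-controlled and may itself be "from",
# so the address is taken after the LAST "from" on the line.
by_source() {
    awk '$5 ~ /^sshd/ && /Failed password/ {
             for (i = NF - 1; i >= 6; i--)
                 if ($i == "from") { n[$(i + 1)]++; break }
         }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

main() {
    log="${1:-}"
    if [ -z "$log" ]; then            # no file given: use the constructed sample
        log=$(mktemp)
        sample_log > "$log"
    fi
    echo "== lines per service =="
    by_service "$log"
    echo "== sshd failures per source =="
    by_source "$log"
}

main "$@"
```

Pass a log path as the first argument to run it against a real file; a single dominant address points to a firewall rule, while many addresses point to moving or restricting the service.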
 