Results 1 to 7 of 7
  1. #1

    Monitor FTP and SSH

    Hi all,

    Hope this is in the right forum.

    Can anyone please suggest a simple script (shell or cpanel/whm is fine) that will allow me to monitor active FTP connections on my deciated server?

    I would also like to find something similar regarding SSH, detailing current connections/attempts and where they are coming from.

    Very much appreciate your help!

  2. #2
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    8,910
    A little off topic, but you may want to reconsider allowing SSH access as it can sometimes create a security hazard.

    Generally it should only be granted to people who have an actual need for shell access...
    Patrick William | RACK911 Labs | Software Security Auditing
    400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com

    www.HostingSecList.com - Security notices for the hosting community.

  3. #3
    You can enable detailed logging for sshd in its config file.

  4. #4
    http://ngrep.sourceforge.net/ ngrep works well
    http://www.tcpdump.org/ tcpdump works better

  5. #5
    Join Date
    Jan 2004
    Location
    York, UK
    Posts
    371
    Quote Originally Posted by scout4a
    You can enable detailed logging for sshd in its config file.
    And make sure people login to a "jailed" shell - not a perfect cure-all but can stop a good number of simple hacks/cracks.

  6. #6
    Awsome guys, thanks for all your help so far.
    I only have one domain with shell access and that one is jailed.
    In my logs I see heaps of attempts to log in though.
    I would like a visual method of seeing this activity.

    I'll look at ngrep and tcpdump.

    Thanks again!

  7. #7
    Isn't it amazing what a bit of study and self help can do!
    Thanks for all your assistance.

    tail -f /var/log/messages
    tail -f /var/log/xferlog
    tail -f /var/log/secure

    all happy now

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •