I have a few questions - maybe bullets will work better.
1. I found an IP in my auth.log file where someone used a dictionary attack on my box - while they were unsuccessful, how common is this?
2. Do I risk incurring the wrath of a script kiddie for running an aggressive nmap against said IP?
3. Someone turned me on to the denyhosts package - any idea why this isn't part of the distro proper? It just seems like that should be a default option.
4. And lastly - should I be looking into PAM settings for establishing better security practices?
Many thanks for your time.