Security Report - 3/7/2024 5:40 AM
Warning Level: 3

Findings:
- Inspected /var/log, specifically auth.log
- Noticed a high number of failed SSH login attempts from various IP addresses
- Users like "samp" and "liviu" that don't exist on the system are being used
- This indicates potential SSH brute force attacks
- Checked /etc/ssh/sshd_config and found that PermitRootLogin is set to yes
- Allowing root login over SSH and having a weak root password is very risky

Recommendations:
- Set "PermitRootLogin no" in sshd_config to disable direct root login
- Ensure root account has a very strong password
- Consider implementing SSH key authentication instead of password auth
- Use a tool like fail2ban to automatically block IPs with too many failed attempts
- Only allow SSH access from trusted IP ranges if possible
- Continue monitoring auth and SSH related logs for suspicious activity