git: sshlockout - Add sshlockout utility

Matthew Dillon dillon at crater.dragonflybsd.org
Wed Dec 31 19:24:30 PST 2014


commit a4ac8286be21b1495af8ec1db83271dacaa79556
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Dec 31 19:21:47 2014 -0800

    sshlockout - Add sshlockout utility
    
    * Add sshlockout utility, typically setup as a syslog pipe.  This utility
      monitors for failed ssh login attempts and excessive preauth failures
      and will add a rule via IPFW to block the originating IP.
    
      The operator also typically sets up a cron job to clean out the IPFW rules
      that have accumulated once a day.
    
    * See man page for details.  Still under construction (feel free to submit
      additional features).
    
      TODO - IPV6
    
      TODO - Use a PF table instead of IPFW, which will greatly improve
    	 performance if a lot of rules have to be added.

Summary of changes:
 usr.sbin/Makefile                                  |   1 +
 usr.sbin/sshlockout/Makefile                       |   6 +
 .../monitor.1 => usr.sbin/sshlockout/sshlockout.8  |  72 +++---
 usr.sbin/sshlockout/sshlockout.c                   | 279 +++++++++++++++++++++
 4 files changed, 327 insertions(+), 31 deletions(-)
 create mode 100644 usr.sbin/sshlockout/Makefile
 copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
 create mode 100644 usr.sbin/sshlockout/sshlockout.c

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556


-- 
DragonFly BSD source repository


More information about the Commits mailing list