git: sshlockout - Add sshlockout utility

bycn82 bycn82 at gmail.com
Thu Jan 1 03:20:40 PST 2015


Hi,

I am interested in this topic.

But IMHO, I think it will be good to use IPFW, because we can use a "dynamic
rule" to block the traffic, and each "dynamic rule" should have its own
expiry.

So this sshlockout just needs to monitor the ssh log and determine when and
how to insert a correct "dynamic rule".

Any suggestion?


Regards,
Bill Yuan

On 1 January 2015 at 11:24, Matthew Dillon <dillon at crater.dragonflybsd.org>
wrote:

>
> commit a4ac8286be21b1495af8ec1db83271dacaa79556
> Author: Matthew Dillon <dillon at apollo.backplane.com>
> Date:   Wed Dec 31 19:21:47 2014 -0800
>
>     sshlockout - Add sshlockout utility
>
>     * Add sshlockout utility, typically set up as a syslog pipe.  This utility
>       monitors for failed ssh login attempts and excessive preauth failures
>       and will add a rule via IPFW to block the originating IP.
>
>       The operator also typically sets up a cron job to clean out the IPFW rules
>       that have accumulated once a day.
>
>     * See man page for details.  Still under construction (feel free to submit
>       additional features).
>
>       TODO - IPV6
>
>       TODO - Use a PF table instead of IPFW, which will greatly improve
>          performance if a lot of rules have to be added.
>
> Summary of changes:
>  usr.sbin/Makefile                                  |   1 +
>  usr.sbin/sshlockout/Makefile                       |   6 +
>  .../monitor.1 => usr.sbin/sshlockout/sshlockout.8  |  72 +++---
>  usr.sbin/sshlockout/sshlockout.c                   | 279 +++++++++++++++++++++
>  4 files changed, 327 insertions(+), 31 deletions(-)
>  create mode 100644 usr.sbin/sshlockout/Makefile
>  copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
>  create mode 100644 usr.sbin/sshlockout/sshlockout.c
>
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556
>
>
> --
> DragonFly BSD source repository
>