git: sshlockout - Add sshlockout utility
Matt Emmerton
matt at gsicomp.on.ca
Thu Jan 1 08:33:57 PST 2015
Question - why are we adding tools to base (eg sshlockout) when there are general-purpose tools that already exist that do this quite well (example - fail2ban)?
Regards,
--
Matt Emmerton
From: Users [mailto:users-bounces at dragonflybsd.org] On Behalf Of bycn82
Sent: Thursday, January 01, 2015 6:21 AM
To: Matthew Dillon
Cc: users at dragonflybsd.org
Subject: Re: git: sshlockout - Add sshlockout utility
Hi,
I am interested in this topic.
But IMHO. I think it will be good to use IPFW, because we can use "dynamic rule" to block the traffic, and each "dynamic rule" should have it's own expiry.
So this sshlockout just need to monitor the ssh log and determine when and how to insert a correct "dynamic rule".
And suggestion?
Regards,
Bill Yuan
On 1 January 2015 at 11:24, Matthew Dillon <dillon at crater.dragonflybsd.org> wrote:
commit a4ac8286be21b1495af8ec1db83271dacaa79556
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Wed Dec 31 19:21:47 2014 -0800
sshlockout - Add sshlockout utility
* Add sshlockout utility, typically setup as a syslog pipe. This utility
monitors for failed ssh login attempts and excessive preauth failures
and will add a rule via IPFW to block the originating IP.
The operator also typically sets up a cron job to clean out the IPFW rules
that have accumulated once a day.
* See man page for details. Still under construction (feel free to submit
additional features).
TODO - IPV6
TODO - Use a PF table instead of IPFW, which will greatly improve
performance if a lot of rules have to be added.
Summary of changes:
usr.sbin/Makefile | 1 +
usr.sbin/sshlockout/Makefile | 6 +
.../monitor.1 => usr.sbin/sshlockout/sshlockout.8 | 72 +++---
usr.sbin/sshlockout/sshlockout.c | 279 +++++++++++++++++++++
4 files changed, 327 insertions(+), 31 deletions(-)
create mode 100644 usr.sbin/sshlockout/Makefile
copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
create mode 100644 usr.sbin/sshlockout/sshlockout.c
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556
--
DragonFly BSD source repository
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20150101/35c5a7c7/attachment-0002.html>
More information about the Users
mailing list