git: sshlockout - Add sshlockout utility

Matt Emmerton matt at gsicomp.on.ca
Thu Jan 1 08:33:57 PST 2015


Question - why are we adding tools to base (eg sshlockout) when there are general-purpose tools that already exist that do this quite well (example - fail2ban)?

 

Regards,

--

Matt Emmerton

 

From: Users [mailto:users-bounces at dragonflybsd.org] On Behalf Of bycn82
Sent: Thursday, January 01, 2015 6:21 AM
To: Matthew Dillon
Cc: users at dragonflybsd.org
Subject: Re: git: sshlockout - Add sshlockout utility

 

Hi,

 

I am interested in this topic. 

 

But IMHO. I think it will be good to use IPFW, because we can use "dynamic rule" to block the traffic, and each "dynamic rule" should have it's own expiry. 

 

So this sshlockout just need to monitor the ssh log and determine when and how to insert a correct "dynamic rule".

 

And suggestion?

 

 

Regards,

Bill Yuan

 

On 1 January 2015 at 11:24, Matthew Dillon <dillon at crater.dragonflybsd.org> wrote:


commit a4ac8286be21b1495af8ec1db83271dacaa79556
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date:   Wed Dec 31 19:21:47 2014 -0800

    sshlockout - Add sshlockout utility

    * Add sshlockout utility, typically setup as a syslog pipe.  This utility
      monitors for failed ssh login attempts and excessive preauth failures
      and will add a rule via IPFW to block the originating IP.

      The operator also typically sets up a cron job to clean out the IPFW rules
      that have accumulated once a day.

    * See man page for details.  Still under construction (feel free to submit
      additional features).

      TODO - IPV6

      TODO - Use a PF table instead of IPFW, which will greatly improve
         performance if a lot of rules have to be added.

Summary of changes:
 usr.sbin/Makefile                                  |   1 +
 usr.sbin/sshlockout/Makefile                       |   6 +
 .../monitor.1 => usr.sbin/sshlockout/sshlockout.8  |  72 +++---
 usr.sbin/sshlockout/sshlockout.c                   | 279 +++++++++++++++++++++
 4 files changed, 327 insertions(+), 31 deletions(-)
 create mode 100644 usr.sbin/sshlockout/Makefile
 copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
 create mode 100644 usr.sbin/sshlockout/sshlockout.c

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556


--
DragonFly BSD source repository

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dragonflybsd.org/pipermail/users/attachments/20150101/35c5a7c7/attachment-0002.html>


More information about the Users mailing list