git: sshlockout - Add sshlockout utility
bycn82 at gmail.com
Thu Jan 1 03:20:40 PST 2015
*I am interested in this topic. *
*But IMHO. I think it will be good to use IPFW, because we can use "dynamic
rule" to block the traffic, and each "dynamic rule" should have it's own
*So this sshlockout just need to monitor the ssh log and determine when and
how to insert a correct "dynamic rule".*
On 1 January 2015 at 11:24, Matthew Dillon <dillon at crater.dragonflybsd.org>
> commit a4ac8286be21b1495af8ec1db83271dacaa79556
> Author: Matthew Dillon <dillon at apollo.backplane.com>
> Date: Wed Dec 31 19:21:47 2014 -0800
> sshlockout - Add sshlockout utility
> * Add sshlockout utility, typically setup as a syslog pipe. This
> monitors for failed ssh login attempts and excessive preauth failures
> and will add a rule via IPFW to block the originating IP.
> The operator also typically sets up a cron job to clean out the IPFW
> that have accumulated once a day.
> * See man page for details. Still under construction (feel free to
> additional features).
> TODO - IPV6
> TODO - Use a PF table instead of IPFW, which will greatly improve
> performance if a lot of rules have to be added.
> Summary of changes:
> usr.sbin/Makefile | 1 +
> usr.sbin/sshlockout/Makefile | 6 +
> .../monitor.1 => usr.sbin/sshlockout/sshlockout.8 | 72 +++---
> usr.sbin/sshlockout/sshlockout.c | 279
> 4 files changed, 327 insertions(+), 31 deletions(-)
> create mode 100644 usr.sbin/sshlockout/Makefile
> copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
> create mode 100644 usr.sbin/sshlockout/sshlockout.c
> DragonFly BSD source repository
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users