Interesting coincidence; I was just exploring sshguard as a means to accomplish similar goals this weekend.
On Jan 20, 2015, at 7:54 PM, Christos Zoulas wrote: > This is package contains library that can be used by network daemons to > communicate with a packet filter via a daemon to enforce opening and > closing ports dynamically based on policy. Having the daemons directly record the outcome of their authentication seems preferable to groveling through log entries as, for example, sshguard does. However, that requires modification of the relevant daemons and is in that sense more intrusive. Is your idea to modify (or encourage modification of) a broad array of daemons that might benefit from this? I'm thinking, for example, of daemons responsible for IMAP mail delivery and other such things that require credentials. Is this something that can be added to PAM and thereby avoid being so intrusive on the daemons themselves? Cheers, Brook
