On Friday 13 January 2006 11:58, Jim Cheetham wrote:
> On Fri, Jan 13, 2006 at 11:53:30AM +1300, Dave van Leeuwen wrote:
> > > (1) Is there some desktop monitoring utility that will immediately
> > > notify me of suscpious behaviour? I'm rather disturbed that it's taken
> > > me 4 days to notice this.
> >
> > daemonshield runs as a daemon watching sshd logs and pam logs for failed
> > logins. If these reach a threshold then an IPtables rule blocks the ip
> > for a given period of time.
>
> DenyHosts is another program doing a similar task, but using tcpwrappers
> instead of IPtables. It allows you to expire blocked hosts after a few
> days ...
Just so you have another option -- fail2ban is another program doing the same
thing as the above two.
The nice thing about it for me is that it's in the Debian repository.
HTH
hads
--
Traffic signals in New York are just rough guidelines.
-- David Letterman
