On Tue, 2008-04-22 at 12:21 -0600, Kimball Larsen wrote:
> I could pretty easily write a script to modify the contents of the
> hosts.allow, but the syntax for the hosts.allow file is such that it
> would be easier to re-write the file each time, rather than being able
> to just update the permitted IP address. I'd prefer not to have to do
> this.
>
> So, what do you use for your whitelist?

I wrote an iptables-based auto blacklisting daemon that I use. It works
quite well and has reasonable precautions to prevent you from locking
yourself out. It hasn't been updated in a while, but then again it also
hasn't broken in a while either.

http://www.zmonkey.org/~tensai/ssh-lockout/

Corey