Question - why are we adding tools to base (e.g. sshlockout) when there are general-purpose tools that already exist that do this quite well (example - fail2ban)?

Regards,
--
Matt Emmerton

From: Users [mailto:[email protected]] On Behalf Of bycn82
Sent: Thursday, January 01, 2015 6:21 AM
To: Matthew Dillon
Cc: [email protected]
Subject: Re: git: sshlockout - Add sshlockout utility

Hi,

I am interested in this topic. But IMHO, I think it will be good to use IPFW, because we can use "dynamic rule" to block the traffic, and each "dynamic rule" should have its own expiry. So this sshlockout just needs to monitor the ssh log and determine when and how to insert a correct "dynamic rule".

Any suggestion?

Regards,
Bill Yuan

On 1 January 2015 at 11:24, Matthew Dillon <[email protected]> wrote:

commit a4ac8286be21b1495af8ec1db83271dacaa79556
Author: Matthew Dillon <[email protected]>
Date: Wed Dec 31 19:21:47 2014 -0800

    sshlockout - Add sshlockout utility

    * Add sshlockout utility, typically set up as a syslog pipe. This utility
      monitors for failed ssh login attempts and excessive preauth failures
      and will add a rule via IPFW to block the originating IP.

      The operator also typically sets up a cron job to clean out the IPFW
      rules that have accumulated once a day.

    * See man page for details. Still under construction (feel free to submit
      additional features).

    TODO - IPV6

    TODO - Use a PF table instead of IPFW, which will greatly improve
           performance if a lot of rules have to be added.

Summary of changes:
 usr.sbin/Makefile | 1 +
 usr.sbin/sshlockout/Makefile | 6 +
 .../monitor.1 => usr.sbin/sshlockout/sshlockout.8 | 72 +++---
 usr.sbin/sshlockout/sshlockout.c | 279 +++++++++++++++++++++
 4 files changed, 327 insertions(+), 31 deletions(-)
 create mode 100644 usr.sbin/sshlockout/Makefile
 copy usr.bin/monitor/monitor.1 => usr.sbin/sshlockout/sshlockout.8 (60%)
 create mode 100644 usr.sbin/sshlockout/sshlockout.c

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/a4ac8286be21b1495af8ec1db83271dacaa79556

--
DragonFly BSD source repository
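
Added example, not part of the thread and not sshlockout's own code: a sketch of the log-monitoring side discussed above, counting failed ssh logins per IPv4 address and giving each block its own expiry (the per-rule lifetime suggested in the reply, in place of a daily cron cleanup). The log patterns, thresholds and the `Lockout` name are assumptions; adding the actual firewall rule is left to the caller.

```python
import re
from collections import defaultdict, deque

# Assumed OpenSSH syslog shapes (the patterns sshlockout matches are not shown
# in the thread). The address is anchored to the end of the line so that text
# inside the user-name field is never mistaken for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: (?:Failed \S+ for|Invalid user) .* from "
    r"(\d{1,3}(?:\.\d{1,3}){3})(?: port \d+)?(?: ssh2)?\s*$"
)

class Lockout:
    """Hypothetical helper: per-IP failure counting with expiring blocks."""

    def __init__(self, max_failures=5, window=60, block_ttl=3600):
        self.max_failures, self.window, self.block_ttl = max_failures, window, block_ttl
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.blocked = {}                   # ip -> time the block expires

    def expire(self, now):
        """Release blocks whose lifetime is over; return the released IPs."""
        released = [ip for ip, until in self.blocked.items() if until <= now]
        for ip in released:
            del self.blocked[ip]
        return released

    def feed(self, now, line):
        """Handle one log line seen at `now`; return an IP to block or None."""
        self.expire(now)
        m = FAILED.search(line)
        if not m or m.group(1) in self.blocked:
            return None
        ip = m.group(1)
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - self.window:  # forget failures outside the window
            recent.popleft()
        if len(recent) < self.max_failures:
            return None
        del self.failures[ip]
        self.blocked[ip] = now + self.block_ttl  # caller adds the firewall rule
        return ip

# Constructed sample input (documentation addresses), one failure per second.
SAMPLE = ["Jan  1 06:00:0%d host sshd[4242]: Failed password for invalid user "
          "admin from 203.0.113.7 port 5100%d ssh2" % (i, i) for i in range(3)]

if __name__ == "__main__":
    lock = Lockout(max_failures=3, window=60, block_ttl=600)
    print([lock.feed(t, line) for t, line in enumerate(SAMPLE)])
```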
