Linux Today: Linux News On Internet Time.

Protect your server with SSHGuard

Nov 03, 2011, 14:02 (0 Talkback[s])

[ Thanks to Linuxaria for this link. ]

"The short version is: it receives log messages, it detects when a networked service has been abused based on them, and blocks the address of who abused it; after some time, it releases the blocking.

"The full version is: sshguard runs on a machine as a small daemon, and receives log messages (in a number of ways, e.g. from syslog). When it determines that address X did something bad to service Y, it fires a rule in the machine's firewall (one of the many supported) for blocking X. Sshguard keeps X blocked for some time, then releases it automatically.

"Please note that despite of his name sshguard detects attacks for many services out of the box, not only SSH but also several ftpds, Exim and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication"

Complete Story

Related Stories: