blob: 25e242be10acfb952c6ee2e03d0a2400b63d5ade (
plain) (
tree)
|
|
DenyHosts is a utility developed by Phil Schwartz and maintained by a number of
developers which aims to thwart sshd (ssh server) brute force attacks.
If you've ever looked at your ssh log (/var/log/auth.log) you may be alarmed
to see how many hackers attempted to gain access to your server.
Denyhosts helps you:
- Parses /var/log/auth.log to find all login attempts
- Can be run from the command line, cron or as a daemon (new in 0.9)
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host (hosts can be purged)
- Keeps track of suspicious logins
- Keeps track of the file offset, so that you can reparse the same file
- When the log file is rotated, the script will detect it
- Appends /etc/hosts.allow
- Optionally sends an email of newly banned hosts and suspicious logins.
- Resolves IP addresses to hostnames, if you want
WWW: https://github.com/denyhosts/denyhosts
|
