Re: Package to block random SSH login attempts?
adam@rosi-kessel.org (Adam Rosi-Kessel) writes:
> Is there any Debian package (or free software outside of Debian) that can
> detect random ssh login attempts and blacklist (temporarily or
> permanently) the IP address?
>
You might want to check the (albeit still unofficial) "mirabello"
package i provide at an apt-get enabled unofficial archive at
"http://ietpd1.sowi.uni-mainz.de/debian/":
---------------- snip ----------------
Package: mirabello
Version: 0.31
Priority: optional
Section: net
Maintainer: Paul Seelig <pseelig@debian.org>
Depends: screen, iptables, whois, bash (>= 3.0-1)
Suggests: ipmasq, portsentry
Architecture: all
Filename: ./binary/mirabello_0.31_all.deb
Size: 6848
Installed-Size: 24
MD5sum: d04bd01b116f2c669ba09aa3c51322b6
Description: intrusion detection monitoring and IP blocking scripts
The script "runclient" is run via cron job at each reboot and every 15
minutes to ensure that scripts or programs defined via the RUNCLIENTS
variable in /etc/mirabello.conf are started or continually running in
the background within a detached screen session.
.
The mirabello script checks for illegal uploads via abuse of apache
webserver vulnerabilities. It immediately shuts down the webserver if
files owned by user "www-data" appear in the monitored temp dirs, and
archives all log files into a not so obvious place on the server
machine for remote retrieval by the sysadmin who has been sent an alert
via mail.
.
The script intrudercheck monitors /var/log/auth.log for illegal ssh
login attempts and blocks any source IP address from further contact to
the system via iptables reject command.
---------------- snip ----------------
----- End forwarded message -----
Reply to: