
Bug#338694: RFP: Denyhosts -- Denyhosts is a simple script that intends to prevent SSH brute force login attempts. It does this by determining which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (e.g. has a system account) or invalid (e.g. does not have a system account).



Package: wnpp
Severity: wishlist


* Package name    : DenyHosts
  Version         : 1.1.2
  Upstream Author : Phil Schwartz
* URL             : http://denyhosts.sourceforge.net
* License         : GPL
  Description     : DenyHosts is a simple script that intends to prevent SSH/Telnet brute force login attempts.

When run for the first time, DenyHosts will create a work directory. The work directory will ultimately store the 
data collected and the files are in a human-readable format, for easy editing, if necessary.

DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc.) and 
determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the 
user and whether or not that user is root, otherwise valid (e.g. has a system account) or invalid (e.g. does not have a 
system account).

When DenyHosts determines that a given host has attempted to log in using a non-existent user account a configurable 
number of times (this is known as the DENY_THRESHOLD_INVALID), DenyHosts will add that host to the /etc/hosts.deny 
file. This will prevent that host from contacting your sshd server again. 

-- System Information:
Debian Release: 3.1
Architecture: i386 (i586)
Kernel: Linux 2.4.18-bf2.4
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
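
The log-processing step described in this report, sketched as an added example; it is not part of the original message and is not DenyHosts' own code. The log message pattern, the ACCOUNTS set, the "count reaches the threshold" comparison and the "sshd: <host>" output line are assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import Counter

# Assumed sshd message shape; real formats vary by OpenSSH version and syslog setup.
# The host is matched at the END of the line, so a user name that itself contains
# " from <ip> port ..." cannot make a failure count against a different host.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user |illegal user )?(?P<user>.+)"
    r" from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?\s*$")

ACCOUNTS = {"root", "alice"}   # constructed stand-in for the system account list
DENY_THRESHOLD_INVALID = 3     # constructed value for the setting named in the report

def classify(user, accounts):
    """Return 'root', 'valid' (has a system account) or 'invalid'."""
    if user == "root":
        return "root"
    return "valid" if user in accounts else "invalid"

def tally(lines, accounts):
    """Count failed logins per (host, user class); other lines are ignored."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[(m["host"], classify(m["user"], accounts))] += 1
    return counts

def hosts_to_deny(counts, threshold):
    """Hosts whose invalid-user failures reached the threshold (assumed: >=)."""
    return sorted(h for (h, cls), n in counts.items()
                  if cls == "invalid" and n >= threshold)

def deny_entries(hosts, service="sshd"):
    """Render lines in TCP wrappers 'daemon: client' syntax for hosts.deny."""
    return [f"{service}: {h}" for h in hosts]

# Constructed sample log (documentation address ranges); line 3 carries a crafted user name.
SAMPLE_LOG = """\
Nov 11 10:00:01 box sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 4001 ssh2
Nov 11 10:00:03 box sshd[2102]: Failed password for invalid user test from 192.0.2.10 port 4002 ssh2
Nov 11 10:00:05 box sshd[2103]: Failed password for invalid user x from 203.0.113.5 port 22 ssh2 from 192.0.2.10 port 4003 ssh2
Nov 11 10:01:00 box sshd[2104]: Failed password for root from 198.51.100.7 port 5001 ssh2
Nov 11 10:01:02 box sshd[2105]: Failed password for root from 198.51.100.7 port 5002 ssh2
Nov 11 10:02:00 box sshd[2106]: Failed password for alice from 203.0.113.5 port 6001 ssh2
Nov 11 10:02:09 box sshd[2107]: Accepted password for alice from 203.0.113.5 port 6002 ssh2
""".splitlines()

if __name__ == "__main__":
    counts = tally(SAMPLE_LOG, ACCOUNTS)
    print("\n".join(deny_entries(hosts_to_deny(counts, DENY_THRESHOLD_INVALID))))
```
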


