[NBLUG/talk] opensshd delay after fail

Andrew argonaut at gmx.co.uk
Wed Oct 19 14:30:33 PDT 2005


Bob Blick wrote on Wed, 19 Oct 2005 10:18:16 -0700 (PDT):

> Denying, either through hosts.deny or iptables, seems like the
> best thing to do, with /var/log/messages as the source.
...
> But I also want to be fast responding, so a cron job that
> analyzes the log doesn't appeal to me.

Howdy, Bob,

You may be interested in a Python script called DenyHosts
( http://denyhosts.sourceforge.net/ ). It's quite configurable,
is smart enough to parse only the part of the logfile that has
changed since the last check, can time-out old hosts.deny
entries, can be run from cron or as a daemon for near-real-time
blocking, and supports FreeBSD (if you use it) as well as Linux.

There's a short (and slightly out-of-date) article about it at
http://rootprompt.org/article.php3?article=8735

A.



More information about the talk mailing list