Matthew Nuzum wrote:
I've not looked into it, but it would be nice if there was some *simple* to maintain script that would detect these types of probes and automaticallyadd the IP to hosts.deny and etc.
I found DenyHosts [1] which is a Python script you can run in daemon mode (or a cronjob) that scans your ssh logs and adds hosts that are trying to break in to /etc/hosts.deny and optionally passes the IP addresses to some simple plugins (could be used to add iptables rules for blocking those hosts). I tried it and I think it's nice. It's available from Fedora Extras.
Another script I've found is Daemon Shield [2], but I haven't tried it yet. Adds iptables rules for probing hosts. Any comments? Does anyone know of better scripts?
Nils Breunese. [1] http://denyhosts.sourceforge.net/ [2] http://daemonshield.sourceforge.net/