sshban 1.9 reviewDownload
sshban is simple daemon designed to ban SSH-flooders
sshban is simple daemon designed to ban SSH-flooders. sshban is something like Fail2ban, but much simpler and faster. Instead of scanning system logs, it uses pipe to directly receive data from logger.
sshban is written in pure Perl, more information is available inside the script, in perldoc format. sshban is released under CC 2.5 BY-NC license.
After downloading the sshban bz2 file, you should decompress it and put somewhere into $PATH, for example /usr/local/bin/. Then you should take a look at documentation (perldoc sshban.pl) and change configuration (inside file) if needed. Most of the options can be also overriden by command-line parameters.
When sshban is configured, you should issue sshban --createpipeonly or create the pipe yourself. Then modify syslog config (and maybe SIGHUP command in $initcmd, because defaultly it's based on syslog-ng) and just run sshban. For the first use, you can use --debug --nofork to see if everything works fine.
If you have Gentoo, you can download Gentoo init.d script (after decompressing, you should rename it to sth like sshban, and put in /etc/init.d/). If you have other distro, with incompatible rc.d, you can create your own init.d script and send it to me. You can also send me configurations for other kinds of loggers (than syslog-ng).
What's New in This Release:
The program was rewritten from scratch in pure C.
Many things were simplified and some unneeded functions were removed.
The license was changed to GPL2.
sshban 1.9 search tags