BlockSSHD 0.9 review

Download
by rbytes.net on

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules to block SSH brute force attacks.

License: GPL (GNU General Public License)
File size: 0K
Developer: James Turnbull
0 stars award from rbytes.net

BlockSSHD is a Perl script based on BruteForceBlocker v1.2.3 that dynamically adds IPTables rules to block SSH brute force attacks.

BlockSSHD checks a log file you specify, for example /var/log/secure on a Red
Hat, for SSH login failure messages. If it detects a failure message it records the source IP address and starts a counter. If messages continue to be detected from the same source IP address the counter is incremented for each message. When the counter reaches a user-specified threshold then the script will add an IPTables rules blocking SSH connections from that source IP address.

A user-specified time-out is also defined to trigger a reset of the counter. If the counter is incremented but has not yet reached the blocking threshold and a new login failure message arrives then BlockSSHD checks the time-out. If the last increment of the counter occurred earlier than the current time minus the time-out period then the counter is reset rather than incremented. The time-out defaults to 600 seconds (10 minutes).

The BlockSSHD script also has some command line options:

*) -d | --daemon | --start - Runs the script as a daemon
*) --stop - Stops the script
*) -h | --help - Prints help text
*) -v | --version - Print the version

Running the BlockSSHD script without any command line options will start it interactively.

You will also find a Red Hat style init script in the init directory.

What's New in This Release:
Fixed init script binary location
Fixed minor documentation errors
Fixed spec file errors - including adding conf file installation (Thanks to Samuel Granjeaud for reporting these bugs)

BlockSSHD 0.9 keywords