[EMAIL PROTECTED] (Adam Rosi-Kessel) writes: > Is there any Debian package (or free software outside of Debian) that can > detect random ssh login attempts and blacklist (temporarily or > permanently) the IP address? > You might want to check the (albeit still unofficial) "mirabello" package i provide at an apt-get enabled unofficial archive at "http://ietpd1.sowi.uni-mainz.de/debian/":
---------------- snip ---------------- Package: mirabello Version: 0.31 Priority: optional Section: net Maintainer: Paul Seelig <[EMAIL PROTECTED]> Depends: screen, iptables, whois, bash (>= 3.0-1) Suggests: ipmasq, portsentry Architecture: all Filename: ./binary/mirabello_0.31_all.deb Size: 6848 Installed-Size: 24 MD5sum: d04bd01b116f2c669ba09aa3c51322b6 Description: intrusion detection monitoring and IP blocking scripts The script "runclient" is run via cron job at each reboot and every 15 minutes to ensure that scripts or programs defined via the RUNCLIENTS variable in /etc/mirabello.conf are started or continually running in the background within a detached screen session. . The mirabello script checks for illegal uploads via abuse of apache webserver vulnerabilities. It immediately shuts down the webserver if files owned by user "www-data" appear in the monitored temp dirs, and archives all log files into a not so obvious place on the server machine for remote retrieval by the sysadmin who has been sent an alert via mail. . The script intrudercheck monitors /var/log/auth.log for illegal ssh login attempts and blocks any source IP address from further contact to the system via iptables reject command. ---------------- snip ---------------- ----- End forwarded message ----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
