
BLU Discuss list archive



Idea for a security program



> my dozen or so domain names.  Being me, I started planning a more
> generalized program that can read in a configuration file with a logfile
> filename to monitor, and a series of regular expressions that will match
> lines from baddies, capturing the IP address from them, and adding them
> to /etc/hosts.deny, just like denyhosts does.  You can do it for most
> any service that way.
> 2) Does such a tool already exist?  It might be fun to write, but I have
> better things to do with my time if one already exists.

http://www.pettingers.org/code/sshblack.html

don't be misled by the name, it can monitor any log file for any
regexp. supports emailing you with status, timing out hosts after a
certain amount of time, white listing of hosts by ip address, etc. it
doesn't add to hosts.deny but it does add to iptables (which would
solve your issue with postfix). you can also set sshblack to run any
command instead of iptables.

rajiv
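
The approach discussed in this thread (regexes that capture an IP address from log lines, a whitelist, and blocks that time out), sketched as an added example; it is not code from the post or from sshblack. The patterns, policy values, whitelist and log lines are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Hypothetical rule set: every regex captures the client address as "ip".
# The sshd rule is anchored on the line's tail so text placed in the
# username field cannot supply the address that gets blocked.
PATTERNS = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port \d+ ssh2$"),
    re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]:"),
]
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # assumed admin network
THRESHOLD, WINDOW, BAN_SECONDS = 3, 600, 3600       # assumed policy values

def extract_ip(line):
    """Return the validated address a rule captured from line, or None."""
    for pat in PATTERNS:
        m = pat.search(line.rstrip("\n"))
        if m:
            try:
                return ipaddress.ip_address(m.group("ip"))
            except ValueError:
                return None  # captured text is not an address; ignore it
    return None

def scan(events, now):
    """events: (epoch_seconds, line) pairs in time order.
    Returns {address: ban_expiry} for bans still active at now."""
    hits, bans = defaultdict(list), {}
    for ts, line in events:
        ip = extract_ip(line)
        if ip is None or any(ip in net for net in WHITELIST):
            continue
        hits[ip] = [t for t in hits[ip] if ts - t < WINDOW] + [ts]
        if len(hits[ip]) >= THRESHOLD:
            bans[str(ip)] = ts + BAN_SECONDS
    return {ip: exp for ip, exp in bans.items() if exp > now}

def hosts_deny_lines(bans):
    return [f"ALL: {ip}" for ip in sorted(bans)]  # hosts.deny syntax

# Constructed sample log lines (documentation address ranges).
SSH = "sshd[411]: Failed password for invalid user %s from %s port 4242 ssh2"
SMTP = "postfix/smtpd[77]: NOQUEUE: reject: RCPT from unknown[%s]: 554 5.7.1 Relay access denied"
SAMPLE = (
    [(1000 + i, SSH % ("admin", "203.0.113.5")) for i in range(3)]
    + [(1010 + i, SSH % ("bob", "192.0.2.10")) for i in range(5)]
    + [(1020 + i, SSH % ("x from 198.51.100.9", "203.0.113.77")) for i in range(2)]
    + [(1030 + i, SMTP % "198.51.100.20") for i in range(3)]
)
```

Calling `hosts_deny_lines(scan(SAMPLE, now=1100))` yields the lines to append to /etc/hosts.deny; a later `now` drops bans that have timed out.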









BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.
