sshutout is a daemon that periodically monitors log files, looking for multiple failed login attempts via the Secure Shell daemon. The daemon is meant to mitigate what are commonly known as "dictionary attacks," i.e., scripted brute-force attacks that use lists of user IDs and passwords to effect unauthorized intrusions. The sshutout daemon blunts such attacks by creating firewall rules to block individual offenders from accessing the system. These rules are created when an attack signature is detected, and they are deleted after a configurable expiry interval has elapsed.
| Tags | Security |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX Linux |
| Implementation | C |
| Translations | English |


Release Notes: This release fixes improper calls to open(). It increases the size of the line buffer used to read the configuration file. This allows for longer whitelists. It detects "UNKNOWN USER" signatures.


Release Notes: This release fixes "Invalid User" detection (again). It fixes a segfault when parsing the config file with an alternate output log file name.


Release Notes: The -u option is sensitive to "Invalid user" attempts as well as "Illegal user" attempts.


Release Notes: This release adds the -u command line option to enable blocking of "Illegal user" login attempts. This option is also configurable via the configuration file.


Release Notes: This release adds a fix to get the actual default route as opposed to the first gateway encountered in the routing table. It also adds an option to disable/enable automatic whitelisting of the default gateway and name servers.