
sshguard

Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.


Recent releases

  • 02 Mar 2010 13:28

    Changes: With respect to 1.5beta3, this release completes support for IPv6 by adding support for CIDR-based IPv6 whitelisting and whitelisting of both IPv4 and IPv6 addresses when adding hosts. IPv4-mapped IPv6 addresses are passed to backend firewalls as IPv4. This is the last release that adds features for 1.5. The next releases will only fix bugs until 1.5 stable.

  • 11 Feb 2010 20:39

    Changes: Sshguard now recognizes "last message repeated N times" messages, contextually and per-source. Attackers are now gauged with dangerousness instead of attack counts by adjusting the '-a' option. Support for Sendmail relaying abuse and for vsftpd authentication failure messages has been added. The recognition of messages of Gentoo's PAM implementation for authentication failure has been added.

  • 12 Jan 2010 08:51

    Changes: The Log Sucker has been extended to handle volatile files. Support was included for new attack patterns from Exim and cucipop. The recognition of certain IPv6 addresses has been corrected.

  • 29 Dec 2009 02:13

    Changes: This release is capable of monitoring many log files at once without relying on logging systems such as syslog. It introduces a number of other fixes and improvements.

  • 23 Sep 2009 13:46

    Changes: This release includes many new features (touchiness, automatic permanent blacklisting, IPv6 whitelisting, and more), many bugfixes to the logic, and some fixes and additions to the log analyzer.
