sshguard
Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
| Tags | Networking Firewalls Monitoring Security Systems Administration |
|---|---|
| Licenses | BSD Revised |
| Operating Systems | POSIX |
| Implementation | C |
Recent releases
- 10 May 2010 14:06
Changes: This release contains improvements to blacklisting, the Log Sucker, and logging. Some fixes were made to the process authentication system, recognition of multilog messages, and documentation.
- 12 Apr 2010 22:12
Changes: This release fixes compilation issues on Solaris, fixes the "hosts" backend's logic for temporary files, and fixes the blacklist module to avoid inconsistencies in saved blacklists.
- 02 Mar 2010 13:28
Changes: With respect to 1.5beta3, this release completes support for IPv6 by adding support for CIDR-based IPv6 whitelisting and whitelisting of both IPv4 and IPv6 addresses when adding hosts. IPv4-mapped IPv6 addresses are passed to backend firewalls as IPv4. This is the last release that adds features for 1.5. The next releases will only fix bugs until 1.5 stable.
- 11 Feb 2010 20:39
Changes: Sshguard now recognizes "last message repeated N times" messages, contextually and per-source. Attackers are now gauged with dangerousness instead of attack counts by adjusting the '-a' option. Support for Sendmail relaying abuse and for vsftpd authentication failure messages has been added. The recognition of messages of Gentoo's PAM implementation for authentication failure has been added.
- 12 Jan 2010 08:51
Changes: The Log Sucker has been extended to handle volatile files. Support was included for new attack patterns from Exim and cucipop. The recognition of certain IPv6 addresses has been corrected.
Heartbeat
- Popularity Score
- 687.26
- Vitality Score
- 19.69
- Subscriptions
- 79
