RECENT POSTS
- Introduction to FreeBSD Security Best Practices
- Working with Package Management in FreeBSD
- Understanding FreeBSD Security Advisories and Updates
- Troubleshooting Common System Administration Issues in FreeBSD
- Tips for Hardening FreeBSD to achieve System Protection
- Setting Up DHCP Server in FreeBSD
- Secure User and Group Management in FreeBSD Systems
- Secure Remote Access with SSH in FreeBSD
- Optimizing System Performance in FreeBSD
- Network Packet Capture with tcpdump in FreeBSD
- All posts ...
Do you have GDPR compliance issues ?
Check out Legiscope a GDPR compliance software, that will save you weeks of work, automating your documentation, the training of your teams and all processes you need to keep your organisation compliant with privacy regulations
Denyhosts
Jul 20, 2023
Script to thwart ssh and imap attacks
DenyHosts is a utility developed by Phil Schwartz and maintained by a number of developers which aims to thwart sshd ssh server brute force attacks.
If you’ve ever looked at your ssh log /var/log/auth.log you may be alarmed to see how many hackers attempted to gain access to your server. Denyhosts helps you
- Parses /var/log/auth.log to find all login attempts
- Can be run from the command line, cron or as a daemon new in 0.9
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user eg. sdada when a login attempt failed.
- Keeps track of each existing user eg. root when a login attempt failed.
- Keeps track of each offending host hosts can be purged
- Keeps track of suspicious logins
- Keeps track of the file offset, so that you can reparse the same file
- When the log file is rotated, the script will detect it
- Appends /etc/hosts.allow
- Optionally sends an email of newly banned hosts and suspicious logins.
- Resolves IP addresses to hostnames, if you want
Checkout these related ports:
- Zzuf - Transparent application input fuzzer
- Zlint - X.509 certificate linter
- Zeronet - Decentralized websites using Bitcoin crypto and BitTorrent network
- Zenmap - GUI frontend for the Nmap scanning utility
- Zeek - System for detecting network intruders in real-time
- Zaproxy - The OWASP zed attack proxy
- Yubioath-desktop - GUI for displaying OATH codes with a Yubikey
- Yubikey-personalization-gui - Graphical YubiKey personalization tool
- Yubikey-manager-qt - Cross-platform application for configuring any YubiKey
- Yubikey-agent - Seamless ssh-agent for YubiKeys
- Yubico-piv-tool - Yubico PIV tool
- Ylva - Command line password manager and file encryption program
- Ykpers - Library and tool for personalization of Yubico's YubiKey
- Ykclient - Yubico C client library
- Yersinia - Layer 2 vulnerability scanner (switches, spanning tree, 802.1q ...)