Idea for a security program
Rajiv Aaron Manglani
rajiv at alum.mit.edu
Thu Dec 28 23:05:43 EST 2006
> my dozen or so domain names. Being me, I started planning a more
> generalized program that can read in a configuration file with a logfile
> filename to monitor, and a series of regular expressions that will match
> lines from baddies, capturing the IP address from them, and adding them
> to /etc/hosts.deny, just like denyhosts does. You can do it for most
> any service that way.

> 2) Does such a tool already exist? It might be fun to write, but I have
> better things to do with my time if one already exists.
http://www.pettingers.org/code/sshblack.html
don't be misled by the name, it can monitor any log file for any
regexp. supports emailing you with status, timing out hosts after a
certain amount of time, white listing of hosts by ip address, etc. it
doesn't add to hosts.deny but it does add to iptables (which would
solve your issue with postfix). you can also set sshblack to run any
command instead of iptables.
rajiv
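
The approach discussed in this thread (regex rules over log lines, a whitelist, and blocks that time out), as an added example that is not from either poster and is not sshblack's code. The rules, whitelist range, threshold, block lifetime and sample log lines are all constructed for illustration, and the sketch handles IPv4 only.

```python
import ipaddress
import re

# Constructed rules: each regex must capture the client address as group "ip".
RULES = [
    re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port \d+ ssh2$"),
    re.compile(r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+\[(?P<ip>[^\]]+)\]"),
]
WHITELIST = [ipaddress.ip_network("192.0.2.0/24")]  # constructed: never block these
THRESHOLD = 2          # matching lines before a host is blocked
BLOCK_SECONDS = 3600   # block lifetime, counted from the latest offence

def scan(events):
    """events: iterable of (epoch_seconds, log_line). Returns {ip: expiry}."""
    strikes, blocked = {}, {}
    for ts, line in events:
        for rule in RULES:
            m = rule.search(line)
            if not m:
                continue
            try:
                # Log fields are influenced by the remote side, so a capture
                # that is not a literal IPv4 address is discarded, not written out.
                ip = ipaddress.IPv4Address(m.group("ip"))
            except ValueError:
                break
            if any(ip in net for net in WHITELIST):
                break
            strikes[ip] = strikes.get(ip, 0) + 1
            if strikes[ip] >= THRESHOLD:
                blocked[str(ip)] = ts + BLOCK_SECONDS
            break
    return blocked

def hosts_deny(blocked, now):
    """Render the blocks that have not expired as hosts.deny lines."""
    return [f"ALL: {ip}" for ip, exp in sorted(blocked.items()) if exp > now]

# Constructed sample log lines.
SAMPLE = [
    (1000, "Dec 28 23:00:01 host sshd[411]: Failed password for root from 203.0.113.5 port 4022 ssh2"),
    (1010, "Dec 28 23:00:11 host sshd[411]: Failed password for invalid user bob from 203.0.113.5 port 4023 ssh2"),
    (1020, "Dec 28 23:00:21 host sshd[412]: Failed password for root from 192.0.2.10 port 5000 ssh2"),
    (1030, "Dec 28 23:00:31 host sshd[412]: Failed password for root from 192.0.2.10 port 5001 ssh2"),
    (1040, "Dec 28 23:00:41 host postfix/smtpd[512]: NOQUEUE: reject: RCPT from unknown[198.51.100.7]: 554 5.7.1 Relay access denied"),
    (1050, "Dec 28 23:00:51 host postfix/smtpd[513]: NOQUEUE: reject: RCPT from unknown[unknown]: 554 5.7.1 Relay access denied"),
]

if __name__ == "__main__":
    print("\n".join(hosts_deny(scan(SAMPLE), now=2000)))
```

Only 203.0.113.5 is blocked here: the whitelisted host is skipped, the single postfix reject stays under the threshold, and the `unknown[unknown]` capture fails address parsing.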