Protect sshd w/ SEC

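OK, yet another way to go. Get SEC from http://kodu.neti.ee/~risto/sec. It's just a Perl script, so it will run out of the box. You will need a config file like one of the two below: the first is for ipfw, the second for iptables (its action appends to a chain named SEC, which has to exist already). Each rule blocks a source address after 3 matching log lines within 300 seconds.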

/etc/sec-ipfw.conf
type=singlewiththreshold
ptype=regexp
pattern=Authentication failure for (?:illegal user )?(.+?) from (\S+)
desc=ssh password attack from $2
action=shellcmd /sbin/ipfw -q add 2000 deny all from $2 to any 22 in
thresh=3
window=300


/etc/sec-iptables.conf
type=singlewiththreshold
ptype=regexp
pattern=Failed password.*from.([0-9.]*).*
desc=ssh password attack from $1
action=shellcmd /sbin/iptables -A SEC -s $1 -j REJECT
thresh=3
window=300


Then start sec.pl with some options, with -conf pointing at the rule file you saved (the run file below uses /etc/sec.conf). Here's the run file of the sec daemontools service:
#!/bin/sh
exec 2>&1
exec /usr/sbin/sec.pl -conf=/etc/sec.conf -syslog=local0 -input=/var/log/secure -log=/var/log/sec.log
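
A dry run of the iptables rule above, as an added example that is not part of the original page: it applies the same pattern, thresh and window to constructed log lines and lists the addresses the action would fire for, counting a capture only when it parses as an IPv4 address. The function names, sample lines and the year used for syslog timestamps are assumptions, and the window handling is a simplified stand-in for SEC's own.

```python
import ipaddress
import re
from datetime import datetime

# pattern, thresh and window as in /etc/sec-iptables.conf above
PATTERN = re.compile(r"Failed password.*from.([0-9.]*).*")
THRESH, WINDOW = 3, 300

# Constructed sample lines in /var/log/secure style (documentation addresses).
SAMPLE = [
    "Jan 10 12:00:01 gw sshd[811]: Failed password for root from 192.0.2.10 port 4001 ssh2",
    "Jan 10 12:00:04 gw sshd[811]: Failed password for root from 192.0.2.10 port 4001 ssh2",
    "Jan 10 12:00:05 gw sshd[812]: Accepted password for bob from 203.0.113.9 port 5100 ssh2",
    "Jan 10 12:00:09 gw sshd[813]: Failed password for invalid user test from 192.0.2.10 port 4002 ssh2",
    "Jan 10 12:01:00 gw sshd[820]: Failed password for root from 198.51.100.7 port 6001 ssh2",
    "Jan 10 12:05:00 gw sshd[821]: Failed password for root from 198.51.100.7 port 6002 ssh2",
    "Jan 10 12:07:00 gw sshd[822]: Failed password for root from 198.51.100.7 port 6003 ssh2",
    "Jan 10 12:08:00 gw sshd[830]: Failed password for root from host.example.net port 7001 ssh2",
]

def parse(line, year=2024):
    """Return (seconds, ip) if the line matches and $1 is a valid IPv4 address, else None."""
    m = PATTERN.search(line)
    if not m:
        return None
    try:
        ip = str(ipaddress.IPv4Address(m.group(1)))  # [0-9.]* also matches "" or "1..2"
    except ValueError:
        return None
    ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
    return (ts - datetime(year, 1, 1)).total_seconds(), ip

def would_block(lines):
    """Addresses that reach THRESH matches inside WINDOW seconds, in firing order."""
    recent, fired = {}, []
    for line in lines:
        event = parse(line)
        if event is None:
            continue
        t, ip = event
        # keep only this address's events that still fall inside the sliding window
        recent[ip] = [x for x in recent.get(ip, []) if t - x < WINDOW] + [t]
        if len(recent[ip]) >= THRESH and ip not in fired:
            fired.append(ip)
    return fired

if __name__ == "__main__":
    for ip in would_block(SAMPLE):
        print("would run: /sbin/iptables -A SEC -s", ip, "-j REJECT")
```

The last sample line matches the pattern with an empty capture, which is why the address is validated before it is counted.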
