[NBLUG/talk] opensshd delay after fail
argonaut at gmx.co.uk
Wed Oct 19 14:30:33 PDT 2005
Bob Blick wrote on Wed, 19 Oct 2005 10:18:16 -0700 (PDT):
> Denying, either through hosts.deny or iptables, seems like the
> best thing to do, with /var/log/messages as the source.
> But I also want to be fast responding, so a cron job that
> analyzes the log doesn't appeal to me.
You may be interested in a Python script called DenyHosts
( http://denyhosts.sourceforge.net/ ). It's quite configurable,
is smart enough to parse only the part of the logfile that has
changed since the last check, can time-out old hosts.deny
entries, can be run from cron or as a daemon for near-real-time
blocking, and supports FreeBSD (if you use it) as well as Linux.
There's a short (and slightly out-of-date) article about it at
More information about the talk