SourceFiles.org - Use the Source, Luke

Daemon Shield Readme

Last updated: 7.5.05

Finds the IPs of crackers and script kiddies attempting to break in, and creates iptables rules that block those IPs for a specified period of time.

It works by using handlers, each written to watch for attacks against a given service such as ssh, telnet or ftp. Handlers can be enabled or disabled individually. Each handler defines its logfile, search pattern, trigger threshold, and method of determining the attacking IPs. Once a list of IPs to be dropped has been built, a customizable iptables rule blocks those IPs from any type of connection to the host; after the configured blocktime the iptables rule is deleted. A handler only looks at logfile lines that fall within a window of time, from the present back to a user-definable number of seconds in the past, so old failures do not count toward the threshold.

Currently the ssh and pam handlers are functional and enabled by default. The pam handler watches for any "authentication failure" line and acts on it, so it should block attacks against any PAM-enabled service.
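The cycle described in the two paragraphs above (handler with logfile, pattern, threshold and window; block rules; expiry after blocktime) as an added worked example. This is example code written for this page in Python 3, not Daemon Shield's own code: the handler patterns, the LOG/REJECT rule layout, the allowlist, the threshold and blocktime values, and the sample log lines are all assumptions made here, and the iptables commands are only built, not executed.

```python
# Added example (Python 3), not Daemon Shield's own code: a reimplementation of the
# handler -> blocklist -> expiry cycle the README describes. Handler patterns, rule layout,
# allowlist and sample log lines are assumptions made for this example.
import ipaddress
import re
from collections import Counter
from dataclasses import dataclass, field
from datetime import datetime, timedelta

SYSLOG_TS = re.compile(r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) ")
ALLOWLIST = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "10.0.0.0/8")]  # assumed trusted

@dataclass
class Handler:
    name: str
    logfile: str          # file the daemon would tail; here the lines are handed in directly
    pattern: re.Pattern   # must capture the attacking address in a group named "ip"
    threshold: int        # hits from one address inside `window` that trigger a block
    window: int           # seconds back from "now" that are examined
    blocktime: int        # seconds the block rules stay in place

# Assumed patterns. The user name is attacker-chosen and lands in the log, so the address is
# taken from the side of the line the service itself writes: sshd prints the user name BEFORE
# "from <ip> port <n>" (greedy ".*" -> rightmost wins); pam_unix prints rhost= BEFORE user=
# (lazy ".*?" plus an optional value -> leftmost wins, even when rhost= is empty).
SSH = Handler("ssh", "/var/log/secure",
              re.compile(r"sshd\[\d+\]: Failed password for .* from (?P<ip>\S+) port \d+"), 3, 600, 3600)
PAM = Handler("pam", "/var/log/messages",
              re.compile(r"authentication failure; .*?\brhost=(?P<ip>\S*)"), 2, 600, 3600)

def parse_ts(line, now):
    """Syslog timestamps carry no year: borrow it from `now`, allowing for a year wrap."""
    m = SYSLOG_TS.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S").replace(year=now.year)
    return ts.replace(year=now.year - 1) if ts > now + timedelta(days=1) else ts

def count_hits(handler, lines, now):
    """Per-address count of matching lines inside the handler's time window."""
    cutoff = now - timedelta(seconds=handler.window)
    hits = Counter()
    for line in lines:
        ts = parse_ts(line, now)
        m = handler.pattern.search(line) if ts and cutoff <= ts <= now else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))   # rejects empty or non-address junk
        except ValueError:
            continue
        if not any(ip in net for net in ALLOWLIST):
            hits[str(ip)] += 1
    return hits

def offenders(handler, lines, now):
    """Addresses that reached the handler's threshold within its window."""
    return sorted(ip for ip, n in count_hits(handler, lines, now).items() if n >= handler.threshold)

@dataclass
class BlockList:
    chain: str = "INPUT"
    active: dict = field(default_factory=dict)   # ip -> (expiry, handler name)

    def _rules(self, ip, name):
        # REJECT first: with "-I" the LOG rule inserted second lands above it, so it fires.
        base = [self.chain, "-s", ip]
        return [base + ["-j", "REJECT"], base + ["-j", "LOG", "--log-prefix", "daemonshield %s: " % name]]

    def block(self, ip, handler, now):
        """Rules for a new offender; an address already blocked only has its expiry extended."""
        fresh = ip not in self.active
        self.active[ip] = (now + timedelta(seconds=handler.blocktime), handler.name)
        return [["iptables", "-I"] + r for r in self._rules(ip, handler.name)] if fresh else []

    def expire(self, now):
        """Delete the rules of every address whose blocktime has elapsed."""
        cmds = []
        for ip, (until, name) in list(self.active.items()):
            if until <= now:
                del self.active[ip]
                cmds += [["iptables", "-D"] + r for r in self._rules(ip, name)]
        return cmds

def run_once(handlers, lines, blocklist, now):
    """One polling pass: block new offenders, then drop rules whose blocktime is over."""
    cmds = []
    for h in handlers:
        for ip in offenders(h, lines, now):
            cmds += blocklist.block(ip, h, now)
    return cmds + blocklist.expire(now)

NOW = datetime(2005, 7, 15, 12, 10, 0)
LATER = NOW + timedelta(seconds=3600)
LOG_LINES = [  # constructed sample lines, not real log data
    "Jul 15 12:01:02 host sshd[2001]: Failed password for root from 203.0.113.7 port 40211 ssh2",
    "Jul 15 12:01:05 host sshd[2002]: Failed password for invalid user admin from 203.0.113.7 port 40212 ssh2",
    "Jul 15 12:01:09 host sshd[2003]: Failed password for invalid user test from 203.0.113.7 port 40213 ssh2",
    "Jul 15 11:20:00 host sshd[1900]: Failed password for root from 198.51.100.4 port 5000 ssh2",  # outside window
    "Jul 15 12:05:00 host sshd[2004]: Failed password for invalid user from 10.0.0.5 port 1 from 198.51.100.4 port 5001 ssh2",  # forged user name
    "Jul 15 12:08:00 host sshd[2005]: Failed password for root from 10.0.0.9 port 3333 ssh2",  # allowlisted
    "Jul 15 12:09:00 host login[77]: pam_unix(login:auth): authentication failure; logname= uid=0 euid=0 tty=tty1 ruser= rhost=  user=rhost=192.0.2.99",
    "Jul 15 12:09:30 host sshd[2006]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.9  user=root",
    "Jul 15 12:09:40 host sshd[2007]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.0.2.9  user=admin",
]

if __name__ == "__main__":   # dry run; a real daemon would execute these as root
    bl = BlockList()
    for cmd in run_once([SSH, PAM], LOG_LINES, bl, NOW) + bl.expire(LATER):
        print(" ".join(cmd))
```

Run as a script it prints the -I rules for 203.0.113.7 (three ssh failures inside the ten-minute window) and 192.0.2.9 (two PAM failures), then the matching -D rules one blocktime later. The failure from 11:20 is outside the window, the address the "forged user name" line tries to plant is ignored because sshd's own "from ... port" field is the one captured, the 10.0.0.9 attempt is skipped by the allowlist, and the console login line yields an empty rhost and so no address. Whatever pattern a real handler uses, the point to check is the same: the address must come from a field the service writes, never from one the client can fill, or a single crafted login attempt can get an arbitrary address blocked.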

FEATURES

  • Creates iptables LOG and REJECT rules against attackers' IPs.
  • Background daemon continuously watches logfiles for activity.
  • Logs to syslog.
  • Modular attack monitors, easy to extend to other services.
  • Block rules expire after specified period of time.
  • Blocklist file also serves as log for blocklist activity.
  • Email notification for IP block rule creation.
  • Retains blocklists from one process to the next.
  • iptables rules are dynamic: they are removed when the daemon stops and reloaded when it restarts.
  • Only one instance of daemonshield will run at a time.

REQUIREMENTS

Daemonshield requires Python 2.3 or greater; see the INSTALL file for notes on this requirement. It also requires iptables, and therefore only works on Linux kernels 2.4 or greater.

INSTALLATION

See the INSTALL file.

COPYRIGHT, LICENSE, AND DISCLAIMER

This collective work is Copyright (C)2005 by Charles W. Sharp. <chucksharp (at) yahoo.com>

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, version 2.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA

CREDITS

This is based heavily on the concepts of the BFD shell scripts by Ryan MacDonald [ryan@r-fx.org]. The IP blocking code is based heavily on the drop-ip shell script by Steve Wampler.

Thanks to David Preston, Bob Carrigan, Rod Marten, Josh Brown, and Doug Harper for testing and many great suggestions.

AUTHOR

Charles (Chuck) Sharp
chucksharp at yahoo.com


Copyright 2006 Sourcefiles.org All rights reserved.