[Bug 1260845] New: Review Request: sshguard - Protect hosts from brute-force attacks
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1260845
Bug ID: 1260845
Summary: Review Request: sshguard - Protect hosts from brute-force attacks
Product: Fedora
Version: rawhide
Component: Package Review
Severity: medium
Priority: medium
Assignee: nobody(a)fedoraproject.org
Reporter: konrad(a)tylerc.org
QA Contact: extras-qa(a)fedoraproject.org
CC: package-review(a)lists.fedoraproject.org
Spec URL: https://konradm.fedorapeople.org/fedora/SPECS/sshguard.spec
SRPM URL: https://konradm.fedorapeople.org/fedora/SRPMS/sshguard-1.5-1.fc22.src.rpm
Description:
sshguard protects hosts from brute-force attacks against SSH and other
services. It aggregates system logs and blocks repeat offenders using
iptables.
sshguard can read log messages from standard input (suitable for piping from
syslog) or monitor one or more log files. Log messages are parsed,
line-by-line, for recognized patterns. If an attack, such as several login
failures within a few seconds, is detected, the offending IP is blocked.
Offenders are unblocked after a set interval, but can be semi-permanently
banned using the blacklist option.
Fedora Account System Username: konradm
N.B.: Sshguard monitors /var/log/secure and depends on rsyslog because it was
not obvious how to get plaintext out of systemd-journald in a single path; with
a small patch to sshguard we could drop the rsyslog dependency.
N.B. 2: I've chosen to integrate sshguard with firewalld via IN_public_deny
rather than trying to have it work standalone and with firewalld. The only
downside here is that server users may grumble about having to run firewalld.
N.B. 3: Not a lot of configuration available / relevant for this service!
There are a few knobs specified as command line options we *could* expose to
admins, but the defaults are pretty reasonable.
Rpmlint is clean, modulo mistaken spelling errors on 'syslog' and 'systemd'.
This is my first systemd .unit file, any feedback is appreciated.
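Added example (not sshguard's code and not part of the bug report): a minimal Python sketch of the detect, block and unblock cycle the description outlines, replayed over constructed /var/log/secure-style lines. The threshold, window and block interval are assumed values rather than sshguard's defaults, `replay` is a hypothetical name, and the blacklist option is not modeled.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed tuning values for this sketch; they are not sshguard's defaults.
THRESHOLD = 3                        # failures that trigger a block
WINDOW = timedelta(seconds=10)       # "several login failures within a few seconds"
BLOCK_FOR = timedelta(seconds=120)   # "unblocked after a set interval"

# OpenSSH password-failure lines as rsyslog writes them to /var/log/secure.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

# Constructed sample input; addresses are from the documentation ranges.
SAMPLE = """\
Sep  8 10:00:01 host sshd[1201]: Failed password for root from 203.0.113.7 port 4711 ssh2
Sep  8 10:00:02 host sshd[1202]: Accepted password for alice from 198.51.100.20 port 5000 ssh2
Sep  8 10:00:03 host sshd[1203]: Failed password for invalid user admin from 203.0.113.7 port 4712 ssh2
Sep  8 10:00:05 host sshd[1204]: Failed password for root from 203.0.113.7 port 4713 ssh2
Sep  8 10:00:06 host sshd[1205]: Failed password for bob from 198.51.100.20 port 5001 ssh2
Sep  8 10:00:30 host sshd[1206]: Failed password for bob from 198.51.100.20 port 5002 ssh2
Sep  8 10:02:10 host sshd[1207]: Failed password for root from 203.0.113.7 port 4714 ssh2
"""

def replay(lines, year=2015):
    """Return (time, action, ip) events for a stream of log lines."""
    failures = defaultdict(deque)    # ip -> failure times inside the window
    blocked = {}                     # ip -> time the block is lifted
    events = []
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue                 # not a recognized attack pattern
        # Syslog timestamps carry no year, so one is supplied by the caller.
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # The clock here is driven by the log: lift blocks that have expired.
        for addr, until in list(blocked.items()):
            if until <= now:
                del blocked[addr]
                events.append((until, "unblock", addr))
        if ip in blocked:
            continue                 # already blocked, nothing more to count
        recent = failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()         # forget failures older than the window
        if len(recent) >= THRESHOLD:
            blocked[ip] = now + BLOCK_FOR
            events.append((now, "block", ip))
            recent.clear()
    return events
```

Two failures 24 seconds apart from 198.51.100.20 never trip the block, because the first has left the window by the time the second arrives.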