Daemon Shield 0.4.0
August 2 2011
Daemon Shield is a Linux intrusion prevention daemon that scans for brute force break-in attacks in real time. It finds the IPs of crackers and kiddies attempting to break in and creates iptables rules to block the attackers' IPs for a specified period of time.

It works by using handlers, which are created to watch for attacks against a given service, such as ssh, telnet, ftp, etc. The handlers can be enabled or disabled on a case-by-case basis. Each handler defines its logfile, search pattern, trigger threshold, and method of determining attacking IPs. When a list of IPs to be dropped is created, it uses a customizable iptables rule to block those IPs from any type of connection to the host. After the given blocktime, the iptables rule is deleted. The handlers only look at the logfile lines that fall within a given window of time, from the present back a user-definable number of seconds.

Currently, the ssh and pam modules are functional and enabled by default. The pam handler watches for any "authentication failure" lines and operates accordingly, so it should block any attacks against a pam-enabled service.

Here are some key features of "Daemon Shield":
· Creates iptables log & reject rules against attackers' IPs.
· Background daemon continuously watches logfiles for activity.
· Logs to syslog.
· Modular attack monitors, easy to extend to other services.
· Block rules expire after a specified period of time.
· Blocklist file also serves as a log for blocklist activity.
· Email notification for IP block rule creation.
· Retains blocklists from one process to the next.
· Iptables rules are dynamic. They disappear when the daemon stops and are reloaded when the daemon restarts.
· Only 1 instance of daemonshield will run at one time.

Requirements:
· Daemonshield requires Python 2.3 or greater. It also requires iptables, and therefore will only work on Linux kernels 2.4 or greater.

Installation:
1. To install the files for this program, run the following commands as root:
    ./configure
    make install
2. Edit /etc/sysconfig/iptables
  2a. Add the following line to the list of iptables chains:
    :Kiddies - [0:0]
  2b. Add the following lines to the end of the file:
    -A Kiddies -j LOG --log-level info --log-prefix "Dropped IP: " -m limit --limit 1/m
    -A Kiddies -j DROP
3. Edit daemonshield.conf to your taste.
4. To run daemonshield upon startup and shutdown (on Red Hat systems, anyway):
    touch /var/lock/subsys/daemonshield
    chkconfig --levels=345 daemonshield on
5. To start the daemon, run '/etc/init.d/daemonshield start'
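
The handler logic described above (search pattern, trigger threshold, time window), shown as an added Python 3 example that is not Daemon Shield's own code. The pattern, the setting names, the function name and the log lines are all constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical handler settings (names are assumptions, not daemonshield.conf keys).
# The pattern is anchored at both ends so that address-like text inside the
# username field is never taken as the source IP.
SSH_PATTERN = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for "
    r".* from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")
THRESHOLD = 3          # failures inside the window before an IP is blocked
WINDOW_SECONDS = 60    # how far back from "now" a line still counts

# Constructed sample log lines (documentation address ranges only).
SAMPLE_LOG = """\
Aug  2 10:00:05 host sshd[411]: Failed password for root from 203.0.113.7 port 4001 ssh2
Aug  2 10:04:10 host sshd[412]: Failed password for invalid user admin from 198.51.100.9 port 4002 ssh2
Aug  2 10:04:31 host sshd[413]: Failed password for root from 203.0.113.7 port 4003 ssh2
Aug  2 10:04:40 host sshd[414]: Failed password for root from 203.0.113.7 port 4004 ssh2
Aug  2 10:04:52 host sshd[415]: Failed password for invalid user test from 203.0.113.7 port 4005 ssh2
Aug  2 10:04:55 host sshd[416]: Accepted password for alice from 192.0.2.20 port 4006 ssh2
""".splitlines()


def ips_to_block(lines, now, pattern=SSH_PATTERN,
                 threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Return sorted IPs with at least `threshold` matching lines inside the window."""
    oldest = now - timedelta(seconds=window)
    hits = Counter()
    for line in lines:
        m = pattern.match(line)
        if not m:
            continue  # not a failure line for this handler
        # Syslog timestamps carry no year; borrow it from "now".
        ts = datetime.strptime(f"{now.year} {m['ts']}", "%Y %b %d %H:%M:%S")
        if oldest <= ts <= now:
            hits[m["ip"]] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)


if __name__ == "__main__":
    now = datetime(2011, 8, 2, 10, 5, 0)
    print(ips_to_block(SAMPLE_LOG, now))
```

Each returned address would then be passed to the iptables block rule and removed again once the blocktime has elapsed.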