authfail is a tool for adding IP addresses to an ACL when entities from those addresses attempt to log into a system, but cause authentication failures in auth.log. It reads data from auth.log in real time and adds the IP into netfilter with a DROP/REJECT policy.
|Tags||Security Logging Systems Administration|
Release Notes: New rules were added to catch more denied login attempts.
Release Notes: The Setup.pl file was modified to not notify private RFC 1918 networks during the setup process.
Release Notes: Private networks from RFC 1918 are not notified.
Release Notes: Whois lookup and email notifications were implemented.
Release Notes: A modification was made to the regexp feature. The debian/authfail.init script was modified to prevent running another authfail daemon if one is already running.