Daemon Shield is a Linux intrusion prevention daemon that scans for brute force break-in attacks in real time and uses iptables to create rules that block the attackers' IP addresses for a configurable period of time. It uses handlers that watch for attacks against given services, such as SSH, telnet, FTP, etc. It is highly configurable through a central configuration file. It loads existing blocklist rules into iptables on startup, and removes the blocklist rules when it shuts down. Other major features include background daemon operation, logging to syslog, easy-to-extend handlers, configurable block duration, and email notifications.
|Tags||Security Networking Firewalls|
|Operating Systems||POSIX Linux|
Release Notes: All of the required IP chains and rules are now created upon startup and removed upon shutdown automatically, without file editing by hand. The init script should no longer depend on an RHEL-based distribution. The configure script now has a --with-python option in order to accomodate multiple installed Python distributions. More documentation has been written, including some information on installing Python 2.3. There are several minor bugfixes.
Release Notes: This release works well in the environments where it has been tested, which include RHEL ES 4, CentOS 4, and RHEL ES 3 with Python 2.3 installed. Currently, SSH and PAM handlers are functional and enabled by default. The pam handler should block any attacks against pam-enabled services. A handler for Apache is planned for future releases.