Projects / sshguard

sshguard

Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.

Tags
Licenses
Operating Systems
Implementation

RSS Recent releases

  •  14 Feb 2011 21:46

Release Notes: This is a milestone release, coming after 18 months of development and testing and a long list of beta and RC releases. Two major features are introduced: the LogSucker, to monitor many log sources at once, and attack dangerousness, to punish attacks with fine-tuned severity. Along with these comes a long list of further minor features, signatures, and fixes. All users are strongly recommended to update to this version, and report missing signatures to http://sshguard.net/newsignature/ .

  •  09 Aug 2010 09:10

    Release Notes: This release candidate fixes the last known bugs submitted by users for 1.5rc3. Fixes cover mainly Solaris portability, plus whitelisting and a rare assertion violation and file descriptor leak. This is the last RC planned before 1.5 stable.

    •  10 May 2010 14:06

      Release Notes: This release contains improvements to blacklisting, the Log Sucker, and logging. Some fixes were made to the process authentication system, recognition of multilog messages, and documentation.

      •  12 Apr 2010 22:12

        Release Notes: This release fixes compilation issues on Solaris, fixes the "hosts" backend's logic for temporary files, and fixes the blacklist module to avoid inconsistencies in saved blacklists.

        •  02 Mar 2010 13:28

          Release Notes: With respect to 1.5beta3, this release completes support for IPv6 by adding support for CIDR-based IPv6 whitelisting and whitelisting of both IPv4 and IPv6 addresses when adding hosts. IPv4-mapped IPv6 addresses are passed to backend firewalls as IPv4. This is the last release that adds features for 1.5. The next releases will only fix bugs until 1.5 stable.

          Screenshot

          Project Spotlight

          BAR: backup archiver program

          An archiver program with compression and encryption support.

          Screenshot

          Project Spotlight

          Excel Writer

          A package to write Excel files with basic formatting easily.