Sshguard monitors services through their logging activity. It reacts to messages about dangerous activity by blocking the source address with the local firewall. Sshguard employs a clever parser that can transparently recognize several logging formats at once (syslog, syslog-ng, metalog, multilog, raw messages), and detects attacks for many services out of the box, including SSH, several ftpds, and dovecot. It can operate all the major firewalling systems, and features support for IPv6, whitelisting, suspension, and log message authentication.
|Tags||Networking Firewalls Monitoring Security Systems Administration|
Release Notes: This is a milestone release, coming after 18 months of development and testing and a long list of beta and RC releases. Two major features are introduced: the LogSucker, to monitor many log sources at once, and attack dangerousness, to punish attacks with fine-tuned severity. Along with these comes a long list of further minor features, signatures, and fixes. All users are strongly recommended to update to this version, and report missing signatures to http://sshguard.net/newsignature/ .
Release Notes: This release candidate fixes the last known bugs submitted by users for 1.5rc3. Fixes cover mainly Solaris portability, plus whitelisting and a rare assertion violation and file descriptor leak. This is the last RC planned before 1.5 stable.
Release Notes: This release contains improvements to blacklisting, the Log Sucker, and logging. Some fixes were made to the process authentication system, recognition of multilog messages, and documentation.
Release Notes: This release fixes compilation issues on Solaris, fixes the "hosts" backend's logic for temporary files, and fixes the blacklist module to avoid inconsistencies in saved blacklists.
Release Notes: With respect to 1.5beta3, this release completes support for IPv6 by adding support for CIDR-based IPv6 whitelisting and whitelisting of both IPv4 and IPv6 addresses when adding hosts. IPv4-mapped IPv6 addresses are passed to backend firewalls as IPv4. This is the last release that adds features for 1.5. The next releases will only fix bugs until 1.5 stable.