Package sshutout: Information

    Source package: sshutout
    Version: 1.0.6-alt2
    Build time:  Oct 1, 2022, 07:08 PM
    Report package bug
    License: GPL
    Summary: Stop SSH dictionary attacks
    Description: 
    sshutout periodically monitors log files looking for multiple
    failed login attempts via the sshd (optionally, sshd2).  It is
    meant to mitigate what is commonly known as "dictionary attacks,"
    i.e. scripted brute force attacks that use lists of user IDs and
    passwords to effect unauthorized intrusions.  Typically such
    attacks fill up the system logs with hundreds or even thousands
    of log entries for the failed login attempts.  Aside from the
    nuisance of wasted space, wasted bandwidth, and reduced signal
    to noise ratio in the logs, the attacks can pose a real danger
    to systems with weak ID and password combinations.
    
    This package blunts such attacks by creating firewall rules to
    block individual offenders from accessing the system.  These rules
    are created when an attack signature is detected, and after a
    configurable expiry interval has elapsed, the rules are deleted.
    
    While sshutout can help reduce the severity and impact of
    dictionary attacks, it is by no means a substitute for a good
    password policy.  A password policy is the front line of defense
    against intrusion and should be given careful consideration.
    sshutout is merely one small tool intended to help reduce log
    clutter and diminish the incentive to mount dictionary attacks.

    List of RPM packages built from this SRPM:
    sshutout (e2kv6, e2kv5, e2kv4, e2k)

    Maintainer: Michael Shigorin

    List of contributors:
    Michael Shigorin

    Last changed


    Jan. 12, 2010 Michael Shigorin 1.0.6-alt2
    - added Requires: net-tools iptables (closes: #22723)
      + thanks Andrey Chichak for the suggestion
    Dec. 7, 2009 Michael Shigorin 1.0.6-alt1
    - 1.0.6
      + dropped patches (merged upstream)
    - default sshd_log_file changed (less noisy):
      from /var/log/messages
        to /var/log/auth/secure
    - trivial spec cleanup
    Oct. 14, 2009 Michael Shigorin 1.0.5-alt3
    - applied patch by A.Kitouwaykin <cetus newmail ru> to add
      "UNKNOWN USER" pattern recognition (closes: #21869)
    - minor spec cleanup