Summary: Small daemon that monitors for and blocks repeated failed ssh attempts
Name: login_sentry
Version: 2.2
Release: 0
License: GPLv2
Group: Utilities/System
Source0: login_sentry
Source1: login_sentry.init
Packager: Jesse Shrieve
BuildArch: noarch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
Requires: /usr/bin/logger

%description
Small perl daemon that monitors a logfile for failed ssh attempts.
Can optionally also watch for a couple other failed login types such as
dovecot (via PAM auth) and postfix SASL.
Adds hosts with repeated failures to /etc/hosts.deny for a configurable
time period and sends an email report.
Can block faster for certain usernames (usually bogus names used by
brute force attacks).

#%prep

#%build

%install
mkdir -p $RPM_BUILD_ROOT/usr/sbin
cp -f %{SOURCE0} $RPM_BUILD_ROOT/usr/sbin/login_sentry
mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
cp -f %{SOURCE1} $RPM_BUILD_ROOT/etc/rc.d/init.d/login_sentry

%post
/sbin/service login_sentry condrestart > /dev/null 2>&1 || :

%clean
rm -rf $RPM_BUILD_ROOT

%preun
# 'if [ $1 = 0 ]' checks that this is the actual deinstallation of
# the package, as opposed to just removing the old package on upgrade.
if [ $1 = 0 ]; then
    # These statements stop the service, and remove the /etc/rc*.d links.
    /sbin/service login_sentry stop >/dev/null 2>&1
    /sbin/chkconfig --del login_sentry
fi
# rpm should not abort if last command run had non-zero exit status, exit cleanly
exit 0

%files
%defattr(-,root,root)
%attr(0750,root,root) /usr/sbin/login_sentry
%attr(0755,root,root) /etc/rc.d/init.d/login_sentry

%changelog
* Thu Feb 2 2006 Jesse Shrieve 2.2-0
- Match more log formats.
- Fix -f argument not working due to taint restrictions.
- Disable metacharacters when regex grepping for $user.

* Thu Mar 10 2005 Jesse Shrieve 2.0-0
- Cleaned up for RPM.