The sshutout software monitors log files for repeated failed login attempts via the Secure Shell daemon (sshd). It runs as a daemon process and checks the logs at set intervals.
The sshutout algorithm is based on a standard model for *nix daemons. The program starts with a set of built-in default values, which can be further refined using an optional configuration file or command line arguments that specify overrides. The program checks if it has the required superuser authority and then forks into a newly detached process, leaving the original process to terminate.
Once the program is running, it constructs an initial whitelist based on the addresses of all active network interfaces, the default route, and name servers. Additional addresses can be appended to this list from the configuration file or command line. Signal handling is also set up, with SIGHUP used to refresh the daemon's operating parameters from the configuration file, and other signals such as SIGTERM and SIGPWR used for a graceful termination of the daemon process.
The daemon's main processing loop spends most of its time in a sleep state, waking up approximately once per second to examine all entries in its blocked hosts list and block or unblock these hosts depending on their expiration status. If the polling interval has elapsed, the daemon examines the host's configuration to determine if any changes are required to the whitelist. The daemon then examines the specified log file to tally failed login attempts for each unique host address over the polling interval, blocking offenders that exceed a specified threshold (unless they are in the whitelist).
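The tally, threshold, whitelist and expiry steps described above, sketched as an added Python example; it is not sshutout's own code. The log pattern, function names, threshold and penalty values are assumptions, and the log lines are constructed. Because the user name in an sshd log line is supplied by the client, the address capture is anchored to the end of the line.

```python
import re
from collections import Counter

# Assumed pattern for OpenSSH "Failed password" lines; sshutout's own matching
# rules are not shown on the page. The greedy ".*" plus the "$" anchor make the
# last "from ADDR port N ssh2" on the line win, so text inside the
# client-supplied user name cannot stand in for the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2\s*$")

def tally_failures(lines):
    """Count failed logins per source address for one polling interval."""
    hits = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            hits[m.group(1)] += 1
    return hits

def poll(lines, now, blocked, whitelist, threshold, penalty):
    """Block hosts whose failures exceed the threshold; return the new ones."""
    new = []
    for host, count in sorted(tally_failures(lines).items()):
        if count > threshold and host not in whitelist and host not in blocked:
            blocked[host] = now + penalty  # time (seconds) at which the block ends
            new.append(host)
    return new

def expire(blocked, now):
    """Remove hosts whose penalty has run out; return them for unblocking."""
    done = sorted(h for h, until in blocked.items() if until <= now)
    for host in done:
        del blocked[host]
    return done

# Constructed sample lines using documentation address ranges.
PREFIX = "Mar  3 10:00:01 host sshd[101]: Failed password for "
SAMPLE = (
    [PREFIX + f"root from 203.0.113.5 port {40000 + i} ssh2" for i in range(4)]
    + [PREFIX + f"invalid user admin from 192.0.2.1 port {41000 + i} ssh2"
       for i in range(4)]
    # User name that itself contains "from ... port ... ssh2".
    + [PREFIX + "invalid user x from 192.0.2.99 port 1 ssh2"
                " from 198.51.100.7 port 42000 ssh2",
       "Mar  3 10:00:02 host sshd[102]: Accepted password for alice"
       " from 198.51.100.7 port 42001 ssh2"]
)

if __name__ == "__main__":
    blocked = {}
    print(poll(SAMPLE, 1000, blocked, {"192.0.2.1"}, threshold=3, penalty=300))
```

In a real daemon, poll() would be fed only the lines appended to the log since the previous poll, and expire() would run on the once-per-second wake-up.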
Installing sshutout is quick and easy. Simply download and extract the tarball, then run make and make install while logged in as the superuser. This latest release fixes various bugs, including "-Invalid User" detection and a segfault when parsing the config file with an alternate output log file name. So if you're looking for a reliable and effective solution for securing your system against dictionary attacks, sshutout is definitely worth checking out.
Version 1.0.5: N/A