On a tip from the news site RootPrompt, I discovered DenyHosts, a small security utility for Linux systems that helps thwart attacks on ssh servers. It examines the sshd logs and looks for multiple failed login attempts. It then collects the IP addresses of the offending hosts and writes them out to /etc/hosts.deny so that these hosts will be blocked from further access to the machine.
Since the server in question is running FreeBSD, which uses a combined allow/deny syntax in hosts.allow and doesn’t use hosts.deny, I had to modify the DenyHosts script slightly to get it to work in the FreeBSD context. Basically, I configured DenyHosts to write to a dummy hosts.deny file and then wrapped it in a cron(8) script to concatenate this dummy file with a hosts.allow.template file. Thus hosts.allow is dynamically generated with the dynamic deny rules first and the static allow rules last.
It seems to be working so far. 🙂
Update from the comments: FreeBSD is now supported in the latest version of DenyHosts.
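The cron wrapper described above, sketched as an added example (this is not the author's script or DenyHosts code). It assumes the dummy deny file holds lines of the form "sshd: 203.0.113.7", handles IPv4 entries only, and uses constructed file names and sample addresses. It goes slightly beyond plain concatenation: each entry is rewritten into the combined-syntax ": deny" form, malformed lines are dropped, and hosts.allow is replaced atomically so the daemon never reads a half-written file.

```shell
#!/bin/sh
# Added example: generate a FreeBSD-style hosts.allow from a dummy deny file
# plus a static template. All paths are arguments; the names are assumptions.

# build_hosts_allow DENY_FILE TEMPLATE_FILE OUT_FILE
build_hosts_allow() {
    deny_file=$1 template=$2 out=$3
    # Refuse to run without the static rules; otherwise we would publish
    # a hosts.allow that contains deny entries and nothing else.
    [ -r "$template" ] || { echo "missing template: $template" >&2; return 1; }
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "${out}.XXXXXX") || return 1
    {
        echo "# generated file: dynamic deny rules first, static allow rules last"
        if [ -r "$deny_file" ]; then
            # Keep only strict "service: a.b.c.d" lines and rewrite them as
            # "service : a.b.c.d : deny". Anything else is dropped, so a
            # corrupted deny file cannot inject other hosts.allow options.
            sed -n -E \
              's/^([A-Za-z0-9_-]+):[[:space:]]*([0-9]{1,3}(\.[0-9]{1,3}){3})[[:space:]]*$/\1 : \2 : deny/p' \
              "$deny_file" | sort -u
        fi
        cat "$template"
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv -f "$tmp" "$out"
}

# Demo on constructed sample data in a scratch directory; nothing under /etc
# is touched. The last deny line is deliberately malformed and must be dropped.
demo_dir=$(mktemp -d)
printf '%s\n' 'sshd: 203.0.113.7' 'sshd: 198.51.100.23' 'sshd: 203.0.113.7' \
    'sshd: 10.0.0.1 : allow' > "$demo_dir/hosts.deny"
printf '%s\n' 'sshd : 192.0.2.0/255.255.255.0 : allow' 'ALL : ALL : deny' \
    > "$demo_dir/hosts.allow.template"
build_hosts_allow "$demo_dir/hosts.deny" "$demo_dir/hosts.allow.template" \
    "$demo_dir/hosts.allow"
cat "$demo_dir/hosts.allow"
```

In a real cron job the three arguments would be the dummy deny file, the template, and /etc/hosts.allow, and the job should stop without touching hosts.allow when the function returns non-zero.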