On a tip from the news site RootPrompt, I discovered a small security utility called DenyHosts which is for Linux systems to help thwart ssh server attacks. It examines the sshd logs and looks for multiple failed login attempts. It then collects the IP addresses of the offending hosts and writes them out to /etc/hosts.deny so that these hosts will be blocked from further access to the machine.
Since the server in question is running FreeBSD, which uses a combined allow/deny syntax in hosts.allow and doesn’t use hosts.deny, I had to modify the DenyHosts script script slightly to get it to work in the FreeBSD context. Basically, I configured DenyHosts to write to a dummy hosts.deny file and then wrapped it in a cron(8) script to concatenate this dummy file with a hosts.allow.template file. Thus hosts.allow is dynamically generated with the dynamic deny rules first and the static allow rules last.
It seems to be working so far. 🙂
Update from the comments: FreeBSD is now supported in the latest version of DenyHosts.
2 replies on “DenyHosts on FreeBSD”
Would it be possible to have you post the modified script? It would be invaluable.
The soon-to-be-released next version of DenyHosts (0.7) should work well out-of-the-box with FreeBSD based on feedback I have received from a FreeBSD user.
I’ve updated the FAQ which now includes information about the FreeBSD support:
http://denyhosts.sourceforge.net/faq.html#freebsd