Daemon Shield
Details
| Size: | 0K |
| Last Update: | 2008-05-25 21:47:48 |
| Version: | 0.4.0 |
| OS Support: | Linux |
| License/Program Type: | GPL (GNU General Public License) |
| Publisher: | Chuck Sharp |
| Price: | $0.00 |
Description:
Daemon Shield 0.4.0 is networking software developed by Chuck Sharp.
Find IPs of crackers and kiddies attempting to break in. Creates iptables rules to block attackers' IPs for a specified period of time.
It works by using handlers which are created to watch for attacks against a given service, such as ssh, telnet, ftp, etc. The handlers can be enabled or disabled on a case-by-case basis.
Each handler defines its logfile, search pattern, trigger threshold, and method of determining attacking IPs. When a list of IPs to be dropped is created, it uses a customizable iptables rule to block those IPs from any type of connection to the host.
After the given blocktime, the iptables rule is deleted. The handlers only look at the logfile lines that fall within a given window of time, from the present back a user-definable number of seconds.
Currently, the ssh and pam handlers are functional and enabled by default. The pam handler watches for any "authentication failure" lines and operates accordingly, so it should block attacks against any pam-enabled service.
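The pattern, threshold and time-window logic described above can be sketched as follows. This is an added example, not Daemon Shield's own code; the handler dictionary, function names and log lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Hypothetical handler: search pattern, trigger threshold, time window.
# The user name is attacker-controlled, so the pattern is anchored on the
# trailing "from <ip> port <n> ssh2" fields that sshd itself appends.
SSH_HANDLER = {
    "pattern": re.compile(r"sshd\[\d+\]: Failed password for .* from "
                          r"(\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"),
    "threshold": 3,
    "window_seconds": 300,
}

def parse_syslog_time(line, now):
    """Parse the 'Mon DD HH:MM:SS' prefix; syslog stamps carry no year."""
    try:
        ts = datetime.strptime(f"{now.year} {line[:15]}", "%Y %b %d %H:%M:%S")
        if ts > now + timedelta(days=1):  # line was written before New Year
            ts = ts.replace(year=now.year - 1)
    except ValueError:
        return None
    return ts

def ips_to_block(lines, handler, now, already_blocked=()):
    """IPs with >= threshold matching lines inside the window before now."""
    cutoff = now - timedelta(seconds=handler["window_seconds"])
    hits = Counter()
    for line in lines:
        ts = parse_syslog_time(line, now)
        if ts is None or not cutoff <= ts <= now:
            continue
        m = handler["pattern"].search(line)
        if m:
            hits[m.group(1)] += 1
    return sorted(ip for ip, n in hits.items()
                  if n >= handler["threshold"] and ip not in already_blocked)

# Constructed sample input (documentation address ranges), not real logs.
NOW = datetime(2008, 5, 25, 21, 47, 0)
SAMPLE = [
    "May 25 21:40:01 host sshd[101]: Failed password for root from 203.0.113.5 port 4001 ssh2",
    "May 25 21:44:10 host sshd[102]: Failed password for root from 203.0.113.5 port 4002 ssh2",
    "May 25 21:44:12 host sshd[103]: Failed password for root from 203.0.113.5 port 4003 ssh2",
    "May 25 21:44:15 host sshd[104]: Failed password for invalid user admin from 203.0.113.5 port 4004 ssh2",
    "May 25 21:45:30 host sshd[105]: Accepted password for alice from 198.51.100.7 port 4100 ssh2",
    "May 25 21:46:00 host sshd[106]: Failed password for invalid user a from 192.0.2.1 port 1 ssh2 from 198.51.100.7 port 4101 ssh2",
]
print(ips_to_block(SAMPLE, SSH_HANDLER, NOW))
```

The first sample line is outside the 300-second window and is not counted, and the last line is attributed to the address sshd appended rather than to the one embedded in the user name.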
Here are some key features of "Daemon Shield":
Creates iptables log & reject rules against attackers' IPs.
Background daemon continuously watches logfiles for activity.
Logs to syslog.
Modular attack monitors, easy to extend to other services.
Block rules expire after specified period of time.
Blocklist file also serves as log for blocklist activity.
Email notification for IP block rule creation.
Retains blocklists from one process to the next.
The iptables rules are dynamic. They disappear when the daemon stops and are reloaded when the daemon restarts.
Only 1 instance of daemonshield will run at one time.
Requirements:
Daemonshield requires Python 2.3 or greater. It also requires iptables, and therefore will only work on Linux kernels 2.4 or greater.
Installation:
1. To install the files for this program, run the following commands as root:
    ./configure
    make install
2. Edit /etc/sysconfig/iptables
2a. Add the following line to the list of iptables chains:
    :Kiddies - [0:0]
2b. Add the following lines to the end of the file:
    -A Kiddies -j LOG --log-level info --log-prefix "Dropped IP: " -m limit --limit 1/m
    -A Kiddies -j DROP
3. Edit daemonshield.conf to your taste
4. To run daemonshield upon startup and shutdown (on Red Hat systems, anyway):
    touch /var/lock/subsys/daemonshield
    chkconfig --levels=345 daemonshield on
5. To start the daemon, run '/etc/init.d/daemonshield start'
Daemon Shield 0.4.0 has an English-language interface and works with Linux.