Mon, 06 Jun 2005
Denyhosts parses your log files and adds the sources of automated ssh attack attempts to tcp_wrappers' /etc/hosts.deny. This is the same concept as this little shell script I cooked up. Of course, my little script was derived from another script specific to OpenBSD and its pf firewall.
Denyhosts is pretty much the same idea as mine, but it uses Python rather than a shell script. Python is common enough on most platforms, but some non-Linux platforms may not have it without installing 3rd party resources. The attacks on non-vulnerable machines with sshd running are harmless enough, but the extra layer can't hurt. And if a later vuln is discovered, you've already got a list of compromised hosts blocked out via tcp_wrappers.
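The log-to-hosts.deny idea described above, as an added example; it is neither the Denyhosts code nor the shell script mentioned in this post. The log lines, the threshold of 3, the allow list and every function name are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Anchored on the trailing "port N ssh2" so text inside the user-name field
# is never read as the client address. IPv4 only (assumption).
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?.* "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Constructed sample input, not taken from any real host.
SAMPLE_LOG = """\
Jun  6 03:12:01 host sshd[4121]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jun  6 03:12:03 host sshd[4123]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Jun  6 03:12:05 host sshd[4125]: Failed password for illegal user guest from 203.0.113.7 port 40131 ssh2
Jun  6 03:14:40 host sshd[4130]: Failed password for alice from 198.51.100.20 port 51515 ssh2
Jun  6 03:15:02 host sshd[4133]: Accepted password for alice from 198.51.100.20 port 51520 ssh2
Jun  6 03:20:11 host sshd[4140]: Failed password for invalid user x from 10.0.0.1 from 192.0.2.99 port 33001 ssh2
Jun  6 03:20:13 host sshd[4142]: Failed password for root from 192.0.2.99 port 33010 ssh2
Jun  6 03:20:15 host sshd[4144]: Failed password for root from 192.0.2.99 port 33020 ssh2
Jun  6 03:31:00 host sshd[4150]: Failed password for root from 192.0.2.50 port 2200 ssh2
Jun  6 03:31:02 host sshd[4152]: Failed password for root from 192.0.2.50 port 2201 ssh2
Jun  6 03:31:04 host sshd[4154]: Failed password for root from 192.0.2.50 port 2202 ssh2
"""
SAMPLE_DENY = "# existing rules\nsshd: 192.0.2.50\n"

def failed_counts(log_text):
    """Count failed sshd password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def already_denied(deny_text):
    """Client entries already listed under sshd: or ALL: rules."""
    denied = set()
    for line in deny_text.splitlines():
        parts = line.split("#", 1)[0].split(":")
        if len(parts) >= 2 and parts[0].strip().lower() in ("sshd", "all"):
            denied.update(parts[1].replace(",", " ").split())
    return denied

def new_deny_lines(log_text, deny_text, threshold=3, allow=()):
    """hosts.deny lines for addresses at or over the threshold."""
    skip = already_denied(deny_text) | set(allow)
    return [f"sshd: {ip}" for ip, n in sorted(failed_counts(log_text).items())
            if n >= threshold and ip not in skip]

print("\n".join(new_deny_lines(SAMPLE_LOG, SAMPLE_DENY)))
```

Pass your own management addresses in `allow` so a few mistyped passwords never lock you out of the box.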