head	1.1;
access;
symbols
	RELEASE_8_3_0:1.1
	RELEASE_9_0_0:1.1
	RELEASE_7_4_0:1.1
	RELEASE_8_2_0:1.1
	RELEASE_6_EOL:1.1
	RELEASE_8_1_0:1.1
	RELEASE_7_3_0:1.1
	RELEASE_8_0_0:1.1
	RELEASE_7_2_0:1.1
	RELEASE_7_1_0:1.1
	RELEASE_6_4_0:1.1
	RELEASE_5_EOL:1.1
	RELEASE_7_0_0:1.1
	RELEASE_6_3_0:1.1
	PRE_XORG_7:1.1
	RELEASE_4_EOL:1.1
	RELEASE_6_2_0:1.1
	RELEASE_6_1_0:1.1
	RELEASE_5_5_0:1.1;
locks; strict;
comment	@# @;


1.1
date	2005.11.11.06.45.58;	author vanilla;	state Exp;
branches;
next	;


desc
@@


1.1
log
@Add denyhosts 1.1.2, script to thwart ssh attacks.

PR:		ports/88781
Submitted by:	Janos Mohacsi <janos.mohacsi.at.bsd.hu>
@
text
@DenyHosts is a script intended to be run by *ix system administrators to 
help thwart ssh server attacks.

If you've ever looked at your ssh log (/var/log/auth.log ) you may be alarmed 
to see how many hackers attempted to gain access to your server. 
Denyhosts helps you:
- Parses /var/log/auth.log to find all login attempts
- Can be run from the command line, cron or as a daemon (new in 0.9)
- Records all failed login attempts for the user and offending host
- For each host that exceeds a threshold count, records the evil host
- Keeps track of each non-existent user (eg. sdada) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host (hosts can be purged )
- Keeps track of suspicious logins 
- Keeps track of the file offset, so that you can reparse the same file
- When the log file is rotated, the script will detect it 
- Appends /etc/hosts.allow
- Optionally sends an email of newly banned hosts and suspicious logins.
- Resolves IP addresses to hostnames, if you want

WWW:	http://denyhosts.sourceforge.net/
@
