[blfs-dev] deny-ssh (SSH brute-force blacklisting)

Qrux qrux.qed at gmail.com
Fri Feb 24 20:29:06 PST 2012

I'm not sure where the book stands on scripts-as-software, but I've written a set of scripts (that can run as a daemon or just as a scanning-only-tool) that creates entries in /etc/hosts.deny for folks who have tcpwrappers-enabled SSH servers running on public IPs:


There the script that does the work, a script that "daemonizes" that one, and a bootscript.  Of course I know about DenyHosts (which inspired what I did), but I dislike bloat, and a shell-script version appealed to me (and perhaps other "minimalists" who use LFS/BLFS).


More information about the blfs-dev mailing list