https://bugzilla.redhat.com/show_bug.cgi?id=1260845 Bug ID: 1260845 Summary: Review Request: sshguard - Protect hosts from brute-force attacks Product: Fedora Version: rawhide Component: Package Review Severity: medium Priority: medium Assignee: nobody@xxxxxxxxxxxxxxxxx Reporter: konrad@xxxxxxxxxx QA Contact: extras-qa@xxxxxxxxxxxxxxxxx CC: package-review@xxxxxxxxxxxxxxxxxxxxxxx Spec URL: https://konradm.fedorapeople.org/fedora/SPECS/sshguard.spec SRPM URL: https://konradm.fedorapeople.org/fedora/SRPMS/sshguard-1.5-1.fc22.src.rpm Description: sshguard protects hosts from brute-force attacks against SSH and other services. It aggregates system logs and blocks repeat offenders using iptables. sshguard can read log messages from standard input (suitable for piping from syslog) or monitor one or more log files. Log messages are parsed, line-by-line, for recognized patterns. If an attack, such as several login failures within a few seconds, is detected, the offending IP is blocked. Offenders are unblocked after a set interval, but can be semi-permanently banned using the blacklist option. Fedora Account System Username: konradm N.B.: Sshguard monitors /var/log/secure and depends on rsyslog because it was not obvious how to get plaintext out of systemd-journald in a single path; with a small patch to sshguard we could drop the rsyslog dependency. N.B. 2: I've chosen to integrate sshguard with firewalld via IN_public_deny rather than trying to have it work standalone and with firewalld. The only downside here is that server users may grumble about having to run firewalld. N.B. 3: Not a lot of configuration available / relevant for this service! There are a few knobs specified as command line options we *could* expose to admins, but the defaults are pretty reasonable. Rpmlint is clean, modulo mistaken spelling errors on 'syslog' and 'systemd'. This is my first systemd .unit file, any feedback is appreciated. -- You are receiving this mail because: You are on the CC list for the bug. You are always notified about changes to this product and component _______________________________________________ package-review mailing list package-review@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/package-review