Breakinguard was created because I couldn't find another simple tool that would just do the job without wanting to take over my server or needing a lengthy configuration. Minimal requirements on each server are a bonus too.
So the solution was to knock together this Perl script. Perl was used because it is very common on most servers and is generally flexible when it comes to extra packages or add-ons.
The package itself is very small and uses little memory and few system resources, which allows it to run on almost any server, even one that is short on resources.
It only uses two Perl modules, File::Tail and IO::Socket. Both are very common and can be easily installed via CPAN.
The package itself does a 'tail -f' of your syslog, and when it identifies a matching line within your logs, it records this 'attempt'. If more than the pre-defined number of attempts are received from the same IP address, it triggers the iptables block (or any other block method defined) and also emails you a notification.
A planned enhancement is to remove blocks after a pre-defined period: the IPs that are 'attacking' you are typically spoofed or belong to other zombied PCs, so lifting the block once that period has passed would make sense.
The ./configure script is a basic shell script that checks for the Perl modules and, if required, installs them via CPAN.
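The counting logic described above, sketched as an added example; this is not Breakinguard's own code. The sshd pattern, the threshold of 3, the safe address, the iptables command line and the sample log lines are all assumptions made for illustration, and the block and notification are printed rather than executed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $MAX_ATTEMPTS = 3;                       # assumed threshold
my %SAFE = map { $_ => 1 } qw(192.0.2.10);  # assumed never-block list

# Assumed pattern (OpenSSH failed logins). It is anchored to the end of the
# line and uses a greedy .* so the address is always the one sshd appended,
# never text taken from the user-name field.
my $FAILED = qr/sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$/;

my (%attempts, %blocked);

# Feed one log line; returns the address to block when this line takes it
# past the threshold, otherwise nothing.
sub process_line {
    my ($line) = @_;
    chomp $line;
    my ($ip) = $line =~ $FAILED or return;
    return if $SAFE{$ip} || $blocked{$ip};   # safe, or already blocked
    return unless ++$attempts{$ip} > $MAX_ATTEMPTS;
    $blocked{$ip} = time;                    # timestamp would allow later expiry
    return $ip;
}

# Constructed sample syslog lines (documentation address ranges only).
my @sample = (
    (map { "Jan 10 03:14:0$_ host sshd[2101]: Failed password for root from 203.0.113.5 port 4000$_ ssh2" } 1 .. 4),
    (map { "Jan 10 03:15:0$_ host sshd[2102]: Failed password for invalid user test from 192.0.2.10 port 5000$_ ssh2" } 1 .. 5),
    "Jan 10 03:16:00 host sshd[2103]: Accepted password for admin from 198.51.100.7 port 51000 ssh2",
);

for my $line (@sample) {
    my $ip = process_line($line) or next;
    # A real deployment would run the configured block command and send mail;
    # here both are only printed. The iptables rule is an assumed example.
    print "block: iptables -I INPUT -s $ip -j DROP\n";
    print "notify: $ip exceeded $MAX_ATTEMPTS failed attempts\n";
}
```

With the sample lines, only 203.0.113.5 is reported, on its fourth failure; the safe address is never counted however often it fails.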
The package is finally installed as /usr/local/sbin/breakinguard.
After install, you must edit the /usr/local/sbin/breakinguard script to set your safe IP addresses (which will never be blocked), your email address (for notifications) and verify the block commands for your machine/distribution.
If you have any queries or questions, feel free to email me or contact me through the SourceForge system. <andy @ thebmwz3.co.uk>