h0tw1r3 / pam_shield Goto Github PK
View Code? Open in Web Editor NEWA PAM module to automatically block IP addresses which try brute-force password guessing.
License: GNU General Public License v2.0
A PAM module to automatically block IP addresses which try brute-force password guessing.
License: GNU General Public License v2.0
pam_shield Copyright (C) 2007-2024 Walter de Jong <[email protected]> Jonathan Niehof <[email protected]> Jeffrey Clark <[email protected]> pam_shield COMES WITH NO WARRANTY. pam_shield IS FREE SOFTWARE. pam_shield is distributed under terms described in the GNU General Public License. See the INSTALL file for information on how to install pam_shield. pam_shield is a PAM module that uses iptables or null-routing to lock out script kiddies that probe your computer for open logins and/or easy guessable passwords. pam_shield is meant as an aid to protect public computers on the open internet. Everybody knows it is unwise to leave computers largely unprotected connected to the internet. However, there are cases in which this is still common practice. For exampe, academic sites with hundreds of users often have a policy of allowing logins from over the world. They are under constant attack by "kiddies" trying to break in to the system by password guessing. pam_shield aims to detect and block these "kiddies". (Not So) Random Remarks ----------------------- * pam_shield is a PAM (Pluggable Authentication Module). When used inappropriately, your system might be at risk. Use with care. * pam_shield blocks IPs. This means that when it blocks a multi-user system, it blocks all users from that system. For example, it may happen that an attacker is performing his attack from a university system, from which many students connect. By blocking the attacker, all students get blocked as well. This should be no problem, but you should be aware that this can happen. * pam_shield works by counting login attempts coming from a remote host during a period of time. If there are too many attempts, it triggers and blocks the remote host. * To block and unblock IPs, pam_shield runs the shield-trigger script. By default, it uses null-routing to block hosts. A script for using iptables is also provided, but you should customize this script to fit your situation if you decide to use it. * similar tools are daemon_shield and BlockHosts, which work by scanning system logs. pam_shield works with PAM and a gdbm database. * pam_shield is by no means THE solution for all your security problems. Always remain on guard. See Also -------- * iptables homepage: http://www.netfilter.org/ * Linux PAM documentation: http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html * fail2ban: http://www.fail2ban.org/ * daemon_shield: https://sourceforge.net/projects/daemonshield/ * BlockHosts: http://www.aczoom.com/cms/blockhosts/ History ------- 2007 Walter de Jong created pam_shield. 2010 Walter and Jonathan Niehof started co-maintaining. 2012 Jonathan became the primary maintainer. 2022 Jeffrey Clark became the primary maintainer.
Hello,
Just tried pam-shield module, and thank you for it.
I open this issue because there is a wrong test syntax in "shield-trigger-iptables" script at lines 37 and 45.
These tests have to use the = (equal sign) operator, and not == (double equal sign). If not the script fails.
Reference : https://linuxcommand.org/lc3_man_pages/testh.html
Regards.
Hello,
I use pam_shield since few months now.
I've noticed that as iptables rules are added (reached 440 in my case), the download bandwidth reduces progressively.
For example I lose around 400MB on speed tests, Curl download, ...
For those interested in I modified the "shield-trigger-iptables" script so it can cope with "ipset" netfilter extension if installed.
With ipset there is no more bandwidth penalty as only one rule is needed and all blacklisted ip are stored in an indexed manner (https://ipset.netfilter.org/index.html)
The modified script is attached : shield-trigger-iptables-mod.zip
Regards.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.