Hi all,

I am attempting to install sshdfilter on my ubuntu 10.4 LTS machine. This package is supposed to block ssh-bruteforce attacks. It does that by adding blocking rules to iptables when multiple bad ssh logins are detected, and blocks the ip that initiated them.

This package usually relies on /var/log/sshd.fifo, but in ubuntu the file is called /var/log/auth.log, so I created a symlink

sudo ln -s /var/log/auth.log /var/log/sshd.fifo

After doing that I continued the installation by the excellent instructions here.
Unfortunately, I have no idea how to test if it is really working! :-(
Any ideas hot to test it?

Thanks a log,
-R

Recommended Answers

All 3 Replies

Hello,

I tried that sshdfilter and found denyhosts to be a much easier application to install and configure. And it works.

Thanks, I'll try it and report back. I'm starting to think that sshdfilter is just too much trouble for debian-based distros.

Ok thanks. I actually found fail2ban a bit more ubuntu-friendly.
-R

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.