Sentry – free and open source tool which detects and prevents brute force attacks against ssh, ftp, smtp and more. Sentry is written in perl.
Supporting OS (operating system)
- Mac OS X
- Linux (CentOS, Debain, Ubuntu)
bash || sh
curl -O $SENTRY_URL || wget $SENTRY_URL || fetch --no-verify-peer $SENTRY_URL
perl sentry.pl --update
- create the sentry database (if needed)
- install the perl script (if needed)
- prompt you to edit /etc/hosts.allow (if needed)
- blacklist – deny all future connections
- whitelist – whitelist all future connections, remove the IP from the blacklists, and make it immune to future connection tests.
- delist – remove an IP from the white and blacklists. This is useful for testing that sentry is working as expected.
- connect – register a connection by an IP. The connect method will log the attempt and the time. See CONNECT.
- update – Installs and update if a newer version is available. This is most reliable when LWP::UserAgent is installed.
How does it works?
When new connections arrive, the connect method will log the attempt and the time. If the IP is whitelisted or blacklisted, sentry exits immediately.
Next, sentry checks to see if the IP has been seen more than 3 times. If so, check the logs for successful, failed, and naughty attempts from that IP. If there are any successful logins, whitelist the IP and exit.
If there are no successful logins and there are naughty ones, blacklist the IP. If there are no successful and no naughty attempts but more than 10 connection attempts, blacklist the IP. See also NAUGHTY.