Daemon Shield is a Linux intrusion prevention daemon that scans for brute force break-in attacks in real time and uses iptables to create rules that block the attackers' IP addresses for a configurable period of time. It is highly configurable through a central configuration file. It loads existing blocklist rules into iptables on startup, and removes the blocklist rules when it shuts down. Other major features include background daemon operation, logging to syslog, easy-to-extend handlers, configurable block duration, and email notifications.
This release has been tested on RHEL ES 4 and ES 3 with Python 2.3 installed. Currently, SSH and PAM handlers are functional and enabled by default. The PAM handler should block any attacks against PAM-enabled services. A handler for Apache is planned for future releases.
New for version 0.4.0: All of the required IP chains and rules are now created automatically upon startup and removed upon shutdown, without editing files by hand. The init script should no longer depend on an RHEL-based distribution. The configure script now has a --with-python option in order to accommodate multiple installed Python distributions. More documentation has been written, including some information on installing Python 2.3. See the documentation and changelog for details.
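
The detect, block and expire cycle described above can be sketched as follows. This is an added example, not Daemon Shield's own code: the chain name EXAMPLE_BLOCK, the threshold, window and block duration, the assumed year, and the sample log lines are all constructed for illustration, and the iptables commands are only built as argument lists, never executed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog layout (not real traffic).
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[811]: Failed password for root from 192.0.2.10 port 4001 ssh2
Mar  3 10:00:03 host sshd[812]: Failed password for invalid user admin from 192.0.2.10 port 4002 ssh2
Mar  3 10:00:04 host sshd[813]: Accepted password for alice from 198.51.100.7 port 5100 ssh2
Mar  3 10:00:06 host sshd[814]: Failed password for root from 192.0.2.10 port 4003 ssh2
Mar  3 10:09:00 host sshd[815]: Failed password for bob from 198.51.100.7 port 5101 ssh2
"""

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?\S+ from (\d+\.\d+\.\d+\.\d+) ")
CHAIN = "EXAMPLE_BLOCK"  # hypothetical chain name, assumed to exist already

def scan(log, threshold=3, window=timedelta(seconds=60),
         block_for=timedelta(minutes=30), year=2024):
    """Return {ip: unblock_time} for sources with >= threshold failures within window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failures
    blocked = {}
    for line in log.splitlines():
        m = FAILED.match(line)
        if not m:
            continue
        # Syslog timestamps carry no year, so one is assumed.
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip, q = m.group(2), recent[m.group(2)]
        q.append(ts)
        while ts - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        if len(q) >= threshold and ip not in blocked:
            blocked[ip] = ts + block_for
    return blocked

def rule(action, ip):
    """Build the iptables argv that adds (-A) or deletes (-D) a DROP rule."""
    return ["iptables", action, CHAIN, "-s", ip, "-j", "DROP"]

def expire(blocked, now):
    """Remove blocks whose duration has elapsed and return the delete commands."""
    cmds = []
    for ip in list(blocked):
        if blocked[ip] <= now:
            del blocked[ip]
            cmds.append(rule("-D", ip))
    return cmds
```

The single failure from 198.51.100.7 stays below the threshold, so a one-off mistyped password does not lock a legitimate user out.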