Pam_shield Succeeding blockhosts.py
For a while now I’ve suggested blockhosts to customers who are unable to use firewalls for one reason or another (I’m not always entirely sure what the reasons could be!) but still want to stop brute-force attacks on various services.
Just download the tarball, extract it, install gdbm-devel and pam-devel (on RHEL/CentOS machines) and compile it. Then edit /etc/security/shield.conf to your liking. The defaults are alright, but you might want to put another network in the allow-list. After that stick:

    auth optional pam_shield.so

at the top of /etc/pam.d/sshd and you’re good to go.
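A quick way to confirm that the line really is the first auth entry, as an added example that is not part of the original post or of pam_shield itself. The helper name check_pam_shield and the sample file are made up for illustration, and files pulled in through include lines are not followed.

```shell
#!/bin/sh
# Added example, not part of the pam_shield distribution. check_pam_shield is a
# hypothetical helper: it reports where pam_shield.so sits among the "auth"
# entries of one PAM service file. Files pulled in via include/substack are
# not followed.
# Exit status: 0 first and optional, 1 present but not first,
#              2 absent, 3 first but control is not "optional".
check_pam_shield() {
    awk '
        { sub(/#.*/, "") }                      # drop comments
        NF < 3 { next }                         # blank or incomplete entry
        { type = $1; sub(/^-/, "", type) }      # "-auth" is still an auth entry
        type != "auth" { next }
        {
            n++
            i = 2                               # [k=v ...] controls span fields
            if ($2 ~ /^\[/) while ($i !~ /\]$/ && i < NF) i++
            ctl = ($2 ~ /^\[/) ? "[...]" : $2
            mod = $(i + 1); sub(/.*\//, "", mod) # strip a directory prefix
            if (mod == "pam_shield.so" && !pos) { pos = n; line = NR; control = ctl }
        }
        END {
            if (!pos) { print "pam_shield.so: not in the auth stack"; exit 2 }
            if (pos > 1) {
                printf "pam_shield.so: auth entry %d (line %d), not first\n", pos, line
                exit 1
            }
            if (control != "optional") {
                printf "pam_shield.so: first, but control is %s\n", control
                exit 3
            }
            print "pam_shield.so: first auth entry, optional"
        }
    ' "$1"
}

# Constructed sample resembling an sshd service file on RHEL/CentOS.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#%PAM-1.0
auth       optional     pam_shield.so
auth       required     pam_sepermit.so
auth       include      password-auth
account    required     pam_nologin.so
EOF
check_pam_shield "$sample"
rm -f "$sample"
```

On a live machine, call check_pam_shield /etc/pam.d/sshd after editing the file and before closing your existing SSH session.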
While you test this, I suggest you either use a callback script or set the retention ridiculously low just in case you accidentally lock yourself out. By default, pam_shield null-routes offending IPs. Should you wish to unblock an IP blocked by mistake, first apply appropriate lart to the user in question, then run:
to drop the null route from the routing table. This said, I have yet to look at a few other solutions out there, such as Fail2Ban, but I really have yet to read or hear anything about it which would sway me away from pam_shield.