Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
A PAM module to automatically block IP addresses which try brute-force password guessing.
C Shell
Failed to load latest commit information.
cron.daily Put cron job in a cron directory; pam-auth config into its own direct…
man Update project URL in man pages
pam-configs Put cron job in a cron directory; pam-auth config into its own direct…
scripts Put the shield-trigger scripts in their own subdirectory
COPYING Rename GPL file to the more usual COPYING
CREDITS Add Carl to CREDITS
Changelog Update 0.9.6 release date in changelog
INSTALL Put cron job in a cron directory; pam-auth config into its own direct…
Makefile.am Put cron job in a cron directory; pam-auth config into its own direct…
README Note new maintainer
autogen.sh
configure.ac Change the name in autoconfr from pam_shield to pam-shield, make debi…
pam_shield.c Update copyright statements, version numbers in source files
pam_shield.h Import tarball from 0.9.2
pam_shield_lib.c Update copyright statements, version numbers in source files
pam_shield_lib.h remove "not a true library" note; it is one!
shield.conf Put examples in shield.conf to use ufw, iptables to block.
shield_purge.c Update copyright statements, version numbers in source files

README

pam_shield by Walter de Jong <walter@heiho.net> and Jonathan Niehof
<jtniehof@gmail.com>, copyright 2007-2012.

Walter and I started co-maintaining in 2010. As I have been unable to
contact him, I am continuing development on my own. My latest version
will be available on my github page, https://github.com/jtniehof/pam_shield

pam_shield COMES WITH NO WARRANTY. pam_shield IS FREE SOFTWARE.
pam_shield is distributed under terms described in the GNU General Public
License.

See the INSTALL file for information on how to install pam_shield.


pam_shield is a PAM module that uses iptables or null-routing to lock out
script kiddies that probe your computer for open logins and/or easy guessable
passwords. pam_shield is meant as an aid to protect public computers on the
open internet.

Everybody knows it is unwise to leave computers largely unprotected
connected to the internet. However, there are cases in which this is still
common practice. For exampe, academic sites with hundreds of users often
have a policy of allowing logins from over the world. They are under
constant attack by "kiddies" trying to break in to the system by
password guessing. pam_shield aims to detect and block these "kiddies".


(Not So) Random Remarks
-----------------------
 * pam_shield is a PAM (Pluggable Authentication Module). When used
   inappropriately, your system might be at risk. Use with care.

 * pam_shield blocks IPs. This means that when it blocks a multi-user
   system, it blocks all users from that system.
   For example, it may happen that an attacker is performing his
   attack from a university system, from which many students connect.
   By blocking the attacker, all students get blocked as well. This should
   be no problem, but you should be aware that this can happen.

 * pam_shield works by counting login attempts coming from a remote host
   during a period of time. If there are too many attempts, it triggers
   and blocks the remote host.

 * To block and unblock IPs, pam_shield runs the shield-trigger script.
   By default, it uses null-routing to block hosts.
   A script for using iptables is also provided, but you should customize
   this script to fit your situation if you decide to use it.

 * similar tools are daemon_shield and BlockHosts, which work by scanning
   system logs. pam_shield works with PAM and a gdbm database.

 * pam_shield is by no means THE solution for all your security problems.
   Always remain on guard.


See Also
--------
 * iptables homepage: http://www.netfilter.org/

 * Linux PAM documentation:
   http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/Linux-PAM_SAG.html

 * fail2ban: http://www.fail2ban.org/

 * daemon_shield: https://sourceforge.net/projects/daemonshield/

 * BlockHosts: http://www.aczoom.com/cms/blockhosts/


Greets,

     --Walter

EOB
Something went wrong with that request. Please try again.