Old 11-15-2008, 05:19 PM   #1
LQ Newbie
Registered: Jul 2007
Posts: 4

Rep: Reputation: 0
create a rpm for sshdfilter

Hello All,

I am wanting to create a rpm for sshdfilter. I know it can be done, it's just a matter of programming the install files. I am currently working on the .spec file and stuck. The compressed file is found here.
Summary: ssh brute force attack blocker
Name: sshdfilter
Version: 0.1.0alpha1
Release: 1.5.5
License: GPL
Group: Security

BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root

Requires: iptables
Requires: sshd
Requires: logwatch

%description
sshdfilter blocks the frequent brute force attacks on ssh daemons, it does this by directly reading the sshd logging output (or syslog output) and generating iptables (or ipfw) rules, the process can be quick enough to block an attack before they get a chance to enter any password at all. The blocking policy is defined by a list of blockrules largely by user name or by the type of user name. There are two install routes, the old style sshdfilter starts sshd itself, having started sshd with the -e and -D options. The newer style uses a syslog configuration line that writes sshd messages to a dedicated named pipe, normally /var/log/sshd.fifo. Regardless, this means sshdfilter can see events as they happen and act on them as they happen. sshdfilter then looks for lines of the form:

Did not receive identification string from x.x.x.x
Illegal user x from x.x.x.x
Failed password for illegal user x from x.x.x.x port x ssh2
Failed password for x from x.x.x.x port x ssh2

When sshd produces any of these messages, the response of sshdfilter is defined by the configuration file /etc/sshdfilterrc. The default configuration file defines the first message as an instant block event that will install an iptables rule dropping that IP. The other lines are given 3 chances (ie. this chance and two more) before an iptables dropping rule is generated and their IP is blocke

%prep
%setup -q

%changelog
* Sat Nov 15 2008 - travisray2004 at gmail dot com 0.1.0alpha1
- Initial release.
Currently need to work on the build/install/clean parts. Any help is much appreciated.
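
The matching and blocking policy that the spec description above attributes to sshdfilter, sketched in Python as an added example; it is not part of the original post and not sshdfilter's own code. Assumptions: the log lines are constructed, only IPv4 is handled, and the third counted event from an address triggers the block.

```python
import ipaddress
import re
from collections import defaultdict

# Matched at end of line with a greedy user field, so the address used is the
# one sshd appended, never text that happens to sit inside the user name.
IP = r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
PATTERNS = [  # the four message forms quoted in the description
    ("instant", re.compile(rf"Did not receive identification string from {IP}$")),
    ("counted", re.compile(rf"Illegal user .+ from {IP}$")),
    ("counted", re.compile(rf"Failed password for illegal user .+ from {IP} port \d+ ssh2$")),
    ("counted", re.compile(rf"Failed password for .+ from {IP} port \d+ ssh2$")),
]
CHANCES = 3  # assumption: the third counted event triggers the block

def classify(line):
    """Return (kind, ip) for a matching sshd line, else None."""
    for kind, rx in PATTERNS:
        m = rx.search(line.rstrip())
        if m:
            try:
                ipaddress.IPv4Address(m.group("ip"))  # reject 999.1.1.1 etc.
            except ValueError:
                return None
            return kind, m.group("ip")
    return None

def process(lines, chances=CHANCES):
    """Return the IPs to block, in the order each block is triggered."""
    counts, blocked = defaultdict(int), []
    for line in lines:
        hit = classify(line)
        if hit is None or hit[1] in blocked:
            continue
        kind, ip = hit
        counts[ip] += 1
        if kind == "instant" or counts[ip] >= chances:
            blocked.append(ip)
    return blocked

SAMPLE = [  # constructed log lines, documentation address ranges
    "Nov 15 17:19:01 host sshd[101]: Did not receive identification string from 192.0.2.10",
    "Nov 15 17:19:02 host sshd[102]: Illegal user admin from 198.51.100.7",
    "Nov 15 17:19:03 host sshd[102]: Failed password for illegal user admin from 198.51.100.7 port 4022 ssh2",
    "Nov 15 17:19:05 host sshd[103]: Failed password for root from 203.0.113.5 port 4100 ssh2",
    "Nov 15 17:19:06 host sshd[104]: Failed password for illegal user test from 198.51.100.7 port 4023 ssh2",
    "Nov 15 17:19:07 host sshd[105]: Accepted password for alice from 203.0.113.9 port 4200 ssh2",
]

if __name__ == "__main__":
    print(process(SAMPLE))
```
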
Old 11-16-2008, 02:19 PM   #2
Registered: Aug 2007
Posts: 122

Rep: Reputation: 17
You could get a good idea from here:

P.S. There are ready-built RPMs for Mandriva at least and possibly other distros.
Old 11-16-2008, 03:42 PM   #3
LQ Newbie
Registered: Jul 2007
Posts: 4

Original Poster
Rep: Reputation: 0
Originally Posted by BlueC View Post
You could get a good idea from here:

P.S. There are ready-built RPMs for Mandriva at least and possibly other distros.
Thanks. I wasn't sure if I could change it to a Fedora-based system. I will check it out. Thanks.


All times are GMT -5.