Daemon Shield 0.4.0

Find IPs of crackers and kiddies attempting to break in. Creates iptables rules to block attackers IPs for a specified period of time.
It works by using handlers which are created to watch for attacks against a given service, such as ssh, telnet, ftp, etc. The handlers can be enabled or disabled on a case-by-case basis.
Each handler defines its logfile, search pattern, trigger threshold, and method of determing attacking IPs. When a list of IPs to be dropped is created, it uses a customizable iptables rule to block those IPs from any type of connection to the host.
After the given blocktime, the iptable rule is deleted. The handlers only looks at the logfiles lines that are within a given window of time, from the present till a user-definable amount of seconds back in time.
Currently, ssh and pam modules are functional and enabled by default. The pam handler watches for any "authentication failure" lines and operates accordingly, so it should block any attacks against pam-enabled service.
Main features:
- Creates iptables log & reject rules against attackers IPs.
- Background daemon continuously watches logfiles for activity.
- Logs to syslog.
- Modular attack monitors, easy to extend to other services.
- Block rules expire after specified period of time.
- Blocklist file also serves as log for blocklist activity.
- Email notification for IP block rule creation.
- Retains blocklists from one process to the next.
- Iptable rules are dynamic. They dissappear when the daemon stops and are reloaded when the daemon restarts.
- Only 1 instance of daemonshield will run at one time.