Package: fail2ban Version: 0.10.0a1+git.1478856585.ea4c1f6-1.1 Architecture: all Maintainer: Yaroslav Halchenko Installed-Size: 1473 Depends: python3:any (>= 3.3.2-2~), init-system-helpers (>= 1.18~), lsb-base (>= 2.0-7) Recommends: python, iptables, whois, python3-pyinotify, python3-systemd Suggests: mailx, system-log-daemon, monit Filename: ./all/fail2ban_0.10.0a1+git.1478856585.ea4c1f6-1.1_all.deb Size: 300436 MD5sum: 0f897cf81f19f491468ef9be22dcb1bf SHA1: 489e0e2c664c6cb8bba0183884ab43533f009757 SHA256: 1871a38171b03ab1eb1c86771a4e9d55bbd5742af27aeb147d306c160c2ccf0c Section: net Priority: optional Homepage: http://www.fail2ban.org Description: ban hosts that cause multiple authentication errors Fail2ban monitors log files (e.g. /var/log/auth.log, /var/log/apache/access.log) and temporarily or persistently bans failure-prone addresses by updating existing firewall rules. Fail2ban allows easy specification of different actions to be taken such as to ban an IP using iptables or hostsdeny rules, or simply to send a notification email. . By default, it comes with filter expressions for various services (sshd, apache, qmail, proftpd, sasl etc.) but configuration can be easily extended for monitoring any other text file. All filters and actions are given in the config files, thus fail2ban can be adopted to be used with a variety of files and firewalls. Following recommends are listed: . - iptables -- default installation uses iptables for banning. You most probably need it - whois -- used by a number of *mail-whois* actions to send notification emails with whois information about attacker hosts. Unless you will use those you don't need whois - python3-pyinotify -- unless you monitor services logs via systemd, you need pyinotify for efficient monitoring for log files changes Package: psad Version: 2.4.3+git.1450557392.1eb052c-1.1 Architecture: amd64 Maintainer: Franck Joncourt Installed-Size: 694 Depends: libc6 (>= 2.4), perl, libunix-syslog-perl, iptables, rsyslog | system-log-daemon, libnet-ip-perl, libdate-calc-perl, libcarp-clan-perl, whois, psmisc, libiptables-parse-perl, libiptables-chainmgr-perl, default-mta | mail-transport-agent, bsd-mailx | mailx | mailutils, lsb-base Suggests: fwsnort Filename: ./amd64/psad_2.4.3+git.1450557392.1eb052c-1.1_amd64.deb Size: 156086 MD5sum: 2ec23238940dac11667f1cd3f87dd8e8 SHA1: 7427362196ae4576cfe6560c4afc2fd03c05bcfd SHA256: 13860b52eb4ceaddc73df87c2ce4e3c916347475f22f6cacfab3bd41c6d3efb6 Section: admin Priority: optional Homepage: http://www.cipherdyne.org/psad/ Description: Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data. Package: psad Version: 2.4.3+git.1450557392.1eb052c-1.1 Architecture: i386 Maintainer: Franck Joncourt Installed-Size: 698 Depends: libc6 (>= 2.4), perl, libunix-syslog-perl, iptables, rsyslog | system-log-daemon, libnet-ip-perl, libdate-calc-perl, libcarp-clan-perl, whois, psmisc, libiptables-parse-perl, libiptables-chainmgr-perl, default-mta | mail-transport-agent, bsd-mailx | mailx | mailutils, lsb-base Suggests: fwsnort Filename: ./i386/psad_2.4.3+git.1450557392.1eb052c-1.1_i386.deb Size: 156672 MD5sum: 036dbbb5c67c1e8841079d4e4b550051 SHA1: d0e3ac3571339973dc07ce07de693fc279428d4e SHA256: 9f0d0352392eb7a5fb5089a7757866cb5e7d715093a42f3cb961c91c6cf3b5f8 Section: admin Priority: optional Homepage: http://www.cipherdyne.org/psad/ Description: Port Scan Attack Detector PSAD is a collection of four lightweight system daemons (in Perl and C) designed to work with iptables to detect port scans. It features: * a set of highly configurable danger thresholds (with sensible defaults provided); * verbose alert messages that include the source, destination, scanned port range, beginning and end times, TCP flags, and corresponding Nmap options; * reverse DNS information; * alerts via email; * automatic blocking of offending IP addresses via dynamic firewall configuration. . When combined with fwsnort and the iptables string match extension, PSAD is capable of detecting many attacks described in the Snort rule set that involve application layer data.