Hawk is a lightweight log analyzer which was designed to be fast and efficient. It scans log files on the fly and bans IP that makes too many password failures. It adds iptables rules to reject the IP addresses. You can define the logfiles. What makes Hawk better then the other solutions out there is its unique Web Interface and its flexibility. Hawk currently supports: sshd dovecot courier pure-ftpd proftpd cPanel DirectAdmin Postfix Exim with dovecot auth Installation CentOS: 1. rpm -Uvh hawk-7.2-1.src.rpm 2. Setup iptables or ipset 2.1. For ipset, create a new ipset and add its name in /etc/hawk/hawk.conf on the ipset_name line. 2.2. For iptables, you can either create the chain by your self and set its name in hawk.conf or you can use /usr/share/hawk/setup_iptables.sh helper script, to do that for you. 3. systemctl start hawk
hackman/Hawk-IDS-IPS
A simple log analyzer which detects bruteforce attempts and prevents them by addin iptables rules.
PerlGPL-2.0