Service Guardian is a program that protects servers against threats such as connection floods and resource exhaustion.
It measures the number of connections to the servers' ports and, after a grace period, checks again whether the host is still in violation of the configured limits. A host that is still in violation is filtered out and its packets are dropped via netfilter/iptables.
Configuration and program features:
Running "service-guardian --protect" will protect the configured servers and ports according to the settings. Option: "--daemon" makes the process run in the background.
If a connecting client is not configured as a "GOOD HOST" or as part of a "GOOD NET", and it opens a number of connections equal to or greater than MAX_CONNECT_THRESHOLD to our protected hosts and ports during the specified grace time, the host is logged and denied further connections using iptables.
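The threshold and grace-time check described above, written out as an added Python example (not Service Guardian's own code). The setting names MAX_CONNECT_THRESHOLD, GOOD HOST and GOOD NET follow the page; the sample connection snapshots, the protected port set, the values and the helper names are constructed assumptions, and the block prints the iptables rule instead of applying it.

```python
import ipaddress
from collections import Counter

# Constructed settings that mirror the keywords the page describes.
MAX_CONNECT_THRESHOLD = 20
GOOD_HOSTS = {"10.0.0.5"}                                  # "GOOD HOST" entries
GOOD_NETS = [ipaddress.ip_network("192.168.1.0/24")]       # "GOOD NET" entries
PROTECTED_PORTS = {22, 80}                                 # assumed protected ports


def is_good(ip: str) -> bool:
    """True if the source is a GOOD HOST or inside a GOOD NET; such hosts are never blocked."""
    if ip in GOOD_HOSTS:
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in GOOD_NETS)


def count_connections(conns):
    """conns: iterable of (src_ip, dst_port) pairs for currently open connections."""
    return Counter(src for src, port in conns if port in PROTECTED_PORTS)


def violators(counts):
    """Hosts at or above MAX_CONNECT_THRESHOLD that are not exempt."""
    return {ip for ip, n in counts.items() if n >= MAX_CONNECT_THRESHOLD and not is_good(ip)}


def hosts_to_block(snapshot_before, snapshot_after):
    """Block only hosts that violate the limit both before and after the grace period."""
    return violators(count_connections(snapshot_before)) & violators(count_connections(snapshot_after))


def iptables_rule(ip: str) -> str:
    """The drop rule the page describes; returned as a string, not executed."""
    return f"iptables -I INPUT -s {ip} -j DROP"


# Constructed snapshots: 203.0.113.9 floods port 80 and stays; 192.168.1.7 floods too but
# is in a GOOD NET; 198.51.100.4 bursts to exactly the threshold, then drops off within the grace time.
before = ([("203.0.113.9", 80)] * 25 + [("192.168.1.7", 80)] * 30
          + [("198.51.100.4", 22)] * 20 + [("10.0.0.5", 22)] * 50)
after = [("203.0.113.9", 80)] * 22 + [("192.168.1.7", 80)] * 30 + [("198.51.100.4", 22)] * 3

if __name__ == "__main__":
    for ip in sorted(hosts_to_block(before, after)):
        print(iptables_rule(ip))
```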
The program log is located here: /var/log/service-guardian.log
Dropped hosts are also logged in /var/log/service-guardian-dropped-hosts. Do not edit the dropped hosts file manually.
Running "service-guardian --undrop ALLHOSTS" allows connections from all blocked hosts again.
By default, all blocked hosts are allowed access again after the configured release_interval. This can be changed by editing the configuration file located here: /etc/service-guardian.conf
What's New in This Release:
· Added better signal handling.
· *drop* has been changed to *block* for program options and the logfile.
· Added --verbose mode.
· The ADD-RESOLVERS keyword can now be used in the good hosts section to automatically define the system's resolv.conf DNSes as non-blockable targets.
· Added a fast attack scan detector and blocker. The following options were added:
· BLOCKED_PORTS
· BLOCKED_MAX_PORT_HITS
· BLOCKED_PROTOCOLS
· BLOCKED_PACKET_COUNT