tallow

Scans for attempted SSH logins, issues temporary IP bans for clients that violate login patterns using the journald API.

Made by Unknown Author

0
Website

  • security-utilities

What is tallow?

Tallow is a tool that uses the systemd journal API to monitor and block attempted brute-force attacks on SSH services. It scans the system logs for patterns indicative of SSH login attempts and applies temporary IP bans to clients that exhibit suspicious activity, effectively mitigating the risk of unauthorized access. Unlike traditional tools that rely on external services or batch file processing, Tallow leverages the native journald functionality to provide a streamlined and efficient solution for SSH protection

Highlights

  • Uses systemd's journal API to analyze system logs for SSH login attempts
  • Applies temporary IP bans to clients exhibiting patterns of suspicious login activity
  • Provides a native, integrated solution without relying on external services or batch processing
  • Offers an alternative to traditional tools like fail2ban and lard for SSH protection

Platforms

  • GitHub
  • Linux

Languages

  • English

Features

    • SSH

    • Support for TOR