Artillery v0.3 Alpha Released
Artillery is a honeypot/monitoring/prevention tool used to protect Linux-based systems. Artillery sets up multiple ports on the *nix system, and anything that touches one of them is automatically blacklisted. In addition, it monitors the filesystem for changes and emails the changes back to you. It also detects SSH brute force attacks and automatically blocks them as well.
This was a combination of user-submitted enhancements, fixes, and others as well as new feature additions. I’ve added the ability to use any SMTP address versus just being able to do Gmail. In addition, the banning messages are a bit more descriptive about why a specific IP address was banned.
Changelog v0.3 Alpha
- added a check for ssh brute force on or off; this was never implemented (thanks Jeff Bryner)
- fixed a bug that referenced iptables chain INPU instead of ARTILLERY (thanks Jeff Bryner)
- added the artillery chain to INPUT each time artillery starts (thanks Jeff Bryner)
- cleaned up some old code in honeypot.py that was no longer needed
- added better descriptions around why a specific IP address would be blocked
- added timestamp data to when IP addresses are blocked in both email notifications as well as standard log under /var/artillery/log/
- added support for SMTP versus just Gmail; it's Gmail out of the box, however you can configure any SMTP server now
- added a check in artillery for ssh brute on or off
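The two iptables entries in the changelog (ban rules going into the ARTILLERY chain, and that chain being attached to INPUT on every start) can be sketched as below. This is an added example, not Artillery's own code: the function names and the sample `iptables -S` dumps are constructed for illustration, it handles IPv4 only, and it plans the commands as argument lists rather than running them.

```python
import ipaddress
import shlex

CHAIN = "ARTILLERY"  # chain name taken from the changelog

def plan_chain_setup(rules_dump, chain=CHAIN):
    """Given `iptables -S` output, return the commands still needed so that
    the chain exists and INPUT jumps to it. Safe to call on every start."""
    rules = [shlex.split(line) for line in rules_dump.splitlines() if line.strip()]
    has_chain = ["-N", chain] in rules
    # Only an unconditional jump from INPUT counts as the hook.
    has_jump = ["-A", "INPUT", "-j", chain] in rules
    plan = []
    if not has_chain:
        plan.append(["iptables", "-N", chain])
    if not has_jump:
        plan.append(["iptables", "-I", "INPUT", "-j", chain])
    return plan

def ban_command(ip, chain=CHAIN):
    """Build the DROP rule for one source address, in the tool's own chain.
    The address is parsed first, so text taken from a log line or a socket
    can never add extra iptables arguments."""
    addr = ipaddress.IPv4Address(ip.strip())  # raises ValueError otherwise
    # An argument list (no shell string) keeps the value a single argv entry.
    return ["iptables", "-A", chain, "-s", str(addr), "-j", "DROP"]

# Constructed sample dumps in `iptables -S` format.
POLICIES = "-P INPUT ACCEPT\n-P FORWARD ACCEPT\n-P OUTPUT ACCEPT\n"
FRESH = POLICIES
UNHOOKED = POLICIES + "-N ARTILLERY\n-A ARTILLERY -s 203.0.113.7/32 -j DROP\n"
HOOKED = UNHOOKED + "-A INPUT -j ARTILLERY\n"

if __name__ == "__main__":
    for name, dump in (("fresh", FRESH), ("unhooked", UNHOOKED), ("hooked", HOOKED)):
        print(name, plan_chain_setup(dump))
    print(ban_command("203.0.113.7"))
```

The UNHOOKED case is the one the start-up change guards against: bans sit in the chain but no traffic reaches them until INPUT jumps to it.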
Download Artillery v0.3 Alpha