Banning IPs & MACs after too many unsuccessful login attempts 1976

On Thu, 03 Aug 2006 02:37:16 -0700, composlinuxmisc

portsentry is an interactive firewall. If it sees too many attempts on a port, too often, it inserts a rule into the firewall to deny the offending machine. Seems pretty much what you asked for. Be careful though, if you do remote login into your machine, you (or someone else) can EASILY deny access to yourself. I used portsentry for a while, then I stopped using it, when I locked myself out remotely.

For the part about being notified when someone "knocks" at your door, I think there would have to be a mechanism in iptables that rings a bell when something like that happens, but I doubt there is one. Have you looked at the logs? Have you seen how many unwanted visitors per minute your firewall rejects? I don't think you want to be bothered with that 10 times a minute, just have a good security policy that drops by default everything, and allows only a handful of connections, that you absolutely need.

As for the part about accessing beyond the home directory, what license files do you have that contain personal data? Usually a license file cares about what components are installed on a machine, and how many users run the program - not who. In general, the system as well as the programs you install afterward come with appropriate permissions, so you should not need to unnecessarily restrict access to users. It's a very unusual request, that doesn't make sense to me. A large number of system files are supposed to be accessible for users, e.g. all system include files, or libraries, if you have programmers on your system, or system-wide configuration files, etc.