{"id":16406555,"url":"https://github.com/wincent/bansshee","last_synced_at":"2026-03-01T19:33:47.562Z","repository":{"id":568877,"uuid":"200299","full_name":"wincent/bansshee","owner":"wincent","description":"Anti-SSH-attack tool","archived":false,"fork":false,"pushed_at":"2025-01-24T10:06:49.000Z","size":42,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-23T21:27:09.016Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"http://bansshee.wincent.com/","language":null,"has_issues":false,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-2-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/wincent.png","metadata":{"files":{"readme":"README","changelog":"HISTORY","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2009-05-13T21:48:50.000Z","updated_at":"2023-08-09T21:28:02.000Z","dependencies_parsed_at":"2022-07-08T02:00:32.940Z","dependency_job_id":null,"html_url":"https://github.com/wincent/bansshee","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/wincent/bansshee","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wincent%2Fbansshee","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wincent%2Fbansshee/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wincent%2Fbansshee/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/wincent%2Fbansshee/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/wincent","download_url":"https://codeload.github.com/wincent/bansshee/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/win
cent%2Fbansshee/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":29981448,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-01T16:35:47.903Z","status":"ssl_error","status_checked_at":"2026-03-01T16:35:44.899Z","response_time":124,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-11T06:10:17.359Z","updated_at":"2026-03-01T19:33:47.541Z","avatar_url":"https://github.com/wincent.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"CONTENTS\n\n  * Overview\n  * Donations\n  * Requirements\n  * Configuration\n  * Starting Bansshee\n  * Stopping Bansshee\n  * Bansshee Website\n  * Obtaining Bansshee\n  * Contributing Code\n  * Author\n\n\nOVERVIEW\n\nBansshee is a Perl script that runs as a daemon watching for SSH dictionary\nattacks. On detecting an attack it uses the firewall to temporarily prevent\nfurther access attempts. 
Many aspects of Bansshee are configurable, including\nthe number of failed access attempts that may be generated by a given IP before\nthey are considered an attack, how long an IP will remain on the blocklist\nbefore being removed and what the grace period should be between attempts\nbefore the internal counters are reset.\n\n\nDONATIONS\n\nBansshee is provided free of charge under the simplified, 2-clause version of\nthe BSD license, as used by FreeBSD (see the LICENSE file for details) so it is\nboth free \"as in beer\" and free \"libre\". Although it is free you can encourage\nfurther development by making a donation and you are encouraged to do so if you\nfind it to be useful. Donations can be sent via PayPal to author at\nwin@wincent.com or via the website:\n\n  http://wincent.com/a/products/bansshee/#donations\n\n\nREQUIREMENTS\n\nPerl\n====\n\nBansshee requires a recent version of Perl compiled with multithreading\nsupport. Specifically it requires the newer \"ithreads\" (interpreter threads)\nimplementation available in Perl 5.6.0 and later. This version of Bansshee was\nbuilt and tested using Perl v5.8.0 (built for \"i386-linux-thread-multi\"). You\ncan check the version of Perl installed on your system and whether it supports\nmulti-threading by passing the -v or -V switch to Perl on the command line\n(more information on this below).\n\nBy default Bansshee expects to find perl installed at /usr/bin/perl; if perl is\ninstalled at a different location on your system then you must edit the first\nline of the bansshee script to reflect the location.\n\nPerl modules\n============\n\nBansshee relies on a number of Perl modules. More information about any of the\nmodules can be found by going to http://search.cpan.org/ and performing a\nsearch for the module name. 
You can determine if a module is present on your\nsystem by using Perl's \"-c\" command line switch to check the syntax of the\n\"bansshee\" script; it will report any required modules missing from your system:\n\n  perl -c bansshee\n\nTo install any missing modules you can use Perl's CPAN module. For example, to\ninstall the \"File::Tail\" module you could use:\n\n  sudo perl -MCPAN -e 'install File::Tail'\n\nHere follows a list of the modules used by Bansshee:\n\n* threads\n\nBansshee is written to use the newer \"ithreads\" (interpreter threads) model\nintroduced in Perl 5.6.0. To confirm that your version of Perl is compatible\nexamine the output of \"perl -V\" and look for the following:\n\n  usethreads=define use5005threads=undef useithreads=define\n\nNote that \"use5005threads\" (the old thread model) is set to \"undef\" and the new\nthread implementation (\"useithreads\") is set to \"define\".\n\n* Sys::Syslog\n\nA Perl interface to the UNIX syslog(3) calls. To my knowledge this module is\nincluded with the Perl base install.\n\n* sigtrap\n\nA Perl pragma to enable simple signal handling. Again I believe this is\nincluded with the Perl base install.\n\n* Proc::Daemon\n\nA module for running a Perl program as a daemon (background) process.\n\n* File::Tail\n\nA Perl extension for efficiently reading from continuously updated files.\n\niptables\n========\n\nBansshee uses the iptables administration tool to control the tables of the IP\npacket filter rules in the kernel.\n\nGeneral\n=======\n\nBansshee must be run with root privileges so as to be able to make\nmodifications to the firewall using iptables, and also to monitor the log file\n(which may be owned by root and not world-readable).\n\n\nCONFIGURATION\n\nBansshee has a number of customizable settings that can be used to modify its\nbehaviour. The settings appear near the top of the \"bansshee\" script itself\nunder the heading \"Default Settings\". 
You may either edit the settings directly\nin the file itself, or place your customized settings in the\n\"/etc/bansshee.conf\" file. Settings in the conf file will override settings in\nthe script. By using the conf file you can upgrade the Bansshee script without\nhaving to re-apply your customizations to the script each time.\n\n* permitted_illegal_user\n\nThis is the number of attempts to log in using an illegal (unknown) username\nthat will be permitted from a single IP address before that IP address gets\nblocked. Defaults to 5 attempts.\n\n* permitted_incorrect_pass\n\nThis is the number of attempts to log in using a legal (known) username but\nsupplying an invalid password that will be permitted from a single IP address\nbefore that IP address gets blocked. Defaults to 5 attempts.\n\n* unban_wait\n\nThis is the minimum number of seconds that a blocked IP address must wait\nbefore it gets automatically removed from the blocklist. Defaults to 3600\nseconds (1 hour).\n\n* grace_period\n\nThis is the number of seconds that must pass before prior illegal user or\nincorrect password attempts from a given IP address are disregarded. Defaults\nto 3600 seconds (1 hour).\n\n* unblocking_interval\n\nThis is the number of seconds that Bansshee waits before checking the blocklist\nand removing any IP addresses which have been in the blocklist for more than\n\"unban_wait\" seconds. Defaults to 300 (5 minutes).\n\n\nPLATFORM-SPECIFIC CONFIGURATION\n\nIn addition to the already-discussed configuration variables, there are a\nnumber of settings which may need to be adjusted in order to make\nBansshee work on different platforms. These settings are:\n\n* logpath\n\nThe path to the logfile that Bansshee should watch in order to detect break-in\nattempts. Defaults to \"/var/log/secure\".\n\n* illegal_user_regex\n\nA regular expression used to detect log entries corresponding to attempts to log\nin using an illegal/invalid (non-existent) user. 
The regular expression should\ncontain two parenthesised subpatterns, one for the username and one for the\nremote IP address, so that Bansshee can extract those subpatterns. If you need\nto use brackets for any other part within the regular expression then you\nshould use a non-capturing subpattern -- denoted with (?:subpattern) --\ninstead; see the RHEL 5.3 configuration file in the contrib directory for an\nexample of this.\n\n* incorrect_pass_regex\n\nLike the illegal_user_regex, this setting provides a regular expression to\ndetect connection attempts which supply a valid user but an incorrect password.\nAgain, two parenthesised subpatterns (for username and remote IP) are required\nso that Bansshee can extract the corresponding information.\n\n* iptables\n\nThe path to the iptables executable. Defaults to \"/sbin/iptables\".\n\n* iptables_create\n\nArguments that should be passed to iptables to create the BANSSHEE chain.\nDefaults to \"-N BANSSHEE\".\n\n* iptables_add\n\nArguments that should be passed to iptables to add the BANSSHEE jump rule.\nDefaults to \"-I INPUT -p tcp --dport ssh -j BANSSHEE\".\n\n* iptables_remove\n\nArguments that should be passed to iptables to remove the BANSSHEE jump rule.\nDefaults to \"-D INPUT -p tcp --dport ssh -j BANSSHEE\".\n\n* iptables_flush\n\nArguments that should be passed to iptables to flush the BANSSHEE chain.\nDefaults to \"-F BANSSHEE\".\n\n* iptables_delete\n\nArguments that should be passed to iptables to delete the BANSSHEE chain.\nDefaults to \"-X BANSSHEE\".\n\n* id\n\nCommand that should be executed to determine if Bansshee is running as root.\nDefaults to \"/usr/bin/id -u\".\n\n* log_facility\n\nControls Bansshee's logging of status messages to /var/log/secure or similar.\nDefaults to \"authpriv\".\n\nThe default settings were developed and tested using Red Hat Enterprise Linux\nES3 and may work with other platforms.\n\nIn addition there are some user-contributed support files in the \"contrib\"\ndirectory 
that may be helpful when setting up Bansshee on other platforms.\n\n\nSTARTING BANSSHEE\n\nFor information on installing Bansshee see the INSTALL file.\n\nFor automatic startup at boot time see the platform-specific files in the\ncontrib directory. If Bansshee has been set up to start automatically at boot\ntime then it should always be started (and stopped) using the same control\nscript. For example, on Red Hat Enterprise Linux the following command would be\nused:\n\n  sudo service bansshee start\n\nFor manual startup, working from the directory containing the bansshee script:\n\n  sudo ./bansshee\n\n\nSTOPPING BANSSHEE\n\nTo manually stop Bansshee find its PID and kill it. For example, on a system\nlike Red Hat Enterprise Linux which comes with a \"pidof\" command the following\ncommand can be used to stop Bansshee:\n\n  sudo kill $(pidof -x bansshee)\n\nBansshee will catch the kill signal, perform clean-up and then exit.\n\nIf Bansshee has been set up to start automatically at boot time then it should\nbe stopped using the same control script that was used to start it. For\nexample, on Red Hat Enterprise Linux the following command would be used:\n\n  sudo service bansshee stop\n\nUnlike some other anti-dictionary attack tools currently available, Bansshee\nmakes no attempt to save its state between sessions. This is because most\nattacks are transitory in nature anyway (the attacker tries and then moves on)\nand there is little benefit to trying to maintain state information between\nsessions. As a result the Bansshee code base is cleaner and less likely to\ncontain bugs. It sets up its own IP tables rules on launch and cleans up after\nitself on exit. The need for a persistent store is also minimized by the fact\nthat Bansshee is solid and stable enough to run for long periods without being\nrestarted. 
At the time of writing my current Bansshee install has been up and\nrunning without interruption for an entire month without any problems.\n\n\nBANSSHEE WEBSITE\n\n  http://wincent.com/a/products/bansshee/\n\n\nOBTAINING BANSSHEE\n\nThe latest released version of Bansshee can be downloaded from the website\n(link appears above).\n\nYou can clone the source code repository using Git:\n\n  git clone git://git.wincent.com/bansshee.git\n\nOr explore the repository contents using a browser:\n\n  http://git.wincent.com/bansshee.git\n\nOlder versions can be checked out via Subversion:\n\n  svn co svn://svn.wincent.com/bansshee\n\n\nCONTRIBUTING CODE\n\nTo submit changes to Bansshee please use \"git format-patch\" (see OBTAINING\nBANSSHEE for information on cloning the repository) and send your patch via\nemail to win@wincent.com.\n\n\nAUTHOR\n\nBansshee is written and maintained by Wincent Colaiuta:\n\n  http://wincent.com/\n  win@wincent.com\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwincent%2Fbansshee","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwincent%2Fbansshee","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwincent%2Fbansshee/lists"}