Forge Home

pam_shield

Install pam_shield brute force protection for sshd

14,469 downloads

6,769 latest version

4.5 quality score

We run a couple of automated
scans to help you access a
module's quality. Each module is
given a score based on how well
the author has formatted their
code and documentation and
modules are also checked for
malware using VirusTotal.

Please note, the information below
is for guidance only and neither of
these methods should be considered
an endorsement by Puppet.

Version information

  • 2.0.0 (latest)
  • 1.1.2
  • 1.1.1
  • 1.1.0
  • 1.0.2
  • 1.0.1
  • 1.0.0
  • 0.1.0
released Aug 13th 2014
This version is compatible with:
  • , , ,

Start using this module

  • r10k or Code Manager
  • Bolt
  • Manual installation
  • Direct download

Add this module to your Puppetfile:

mod 'jgazeley-pam_shield', '0.1.0'
Learn more about managing modules with a Puppetfile

Add this module to your Bolt project:

bolt module add jgazeley-pam_shield
Learn more about using this module with an existing project

Manually install this module globally with Puppet module tool:

puppet module install jgazeley-pam_shield --version 0.1.0

Direct download is not typically how you would use a Puppet module to manage your infrastructure, but you may want to download the module in order to inspect the code.

Download
Tags: ssh, pam-shield

Documentation

jgazeley/pam_shield — version 0.1.0 Aug 13th 2014

pam_shield

Table of Contents

  1. Overview
  2. Module Description - What the module does and why it is useful
  3. Setup - The basics of getting started with pam_shield
  4. Usage - Configuration options and additional functionality
  5. Reference - An under-the-hood peek at what the module is doing and how
  6. Limitations - OS compatibility, etc.
  7. Development - Guide for contributing to the module

Overview

This module install pam_shield brute-force protection for sshd. It was developed for use with CentOS and by extension should work on Red Hat, Scientific and Fedora. It has not been tested with Debian or Ubuntu.

Module Description

This module installs the pam_shield package and provides basic config files to protect your system from ssh brute-force attacks with (relatively) sane defaults. It should "just work" out of the box.

The first release has no customisable parameters as the config file is hard-coded. Future releases will provide this functionality (feel free to send patches if you want it sooner).

Setup

What pam_shield affects

Wherever possible, this module adds its own files to your system without overwriting anything. However it will stamp all over your copy of /etc/pam.d/sshd so if you have customised this on your system, be sure to check the source of this module and make sure it is compatible.

On RedHat-like systems (except Fedora), the pam_shield package is provided by the EPEL repository. This module uses stahnma/epel to provide the repository. Check for conflicts if you provide EPEL in a different way.

Usage

The first release of this module provides no customisable options. To use it, just include ::pam_shield

Reference

... one day

Limitations

This module was developed for use with CentOS and by extension should work on Red Hat, Scientific and Fedora. It has not been tested with Debian or Ubuntu. If packages are available for other platforms then it should be easy to extend this module.

Development

Feel free to fork and send pull requests, or just make feature requests in the issue tracker. I can't guarantee having the time to look at anything.