Former Security Team Lead at the National Computer Center here.
My first script parses the authlog against a CIDR whitelist, automatically reloads pf with the brutes, pretty prints and logs all threats added, counts existing threats, syslogs, has a backup mode, and blocks most vulnerability scanners.
Even though you may already be running Snort or Suricata, it acts as another layer of protection. I run it all the time, just to see what is going on with my SSH logs, as it has a mode that will simply print all the logins that aren't whitelisted. Plus the included pf.conf is quite good for anyone concerned with OpenBSD security.
There are sure to be differing opinions on this, but having worked in cybersecurity for two decades I see companies like Stretchoid as a menace to the Internet. I contacted all vulnerability sellers and got the IP addresses from every one of them, and then made a pf blocklist with an accompanying pf.conf that is well hardened.
For my second script I created an OpenBSD-themed GoAccess Web Analytics configurator with a Korn shell script that uses the correct and sometimes strange OpenBSD logging time format to set up the conf for OpenBSD 7.3 combined logging, and automatically downloads an ASN database, moving it into place. GoAccess is great for monitoring your web server, and so I also see it as a security tool.
Hope you find them useful!
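As an added illustration of the authlog-parsing step the post describes (this is not the poster's ksh script; it is written in Python here so the CIDR check stays readable): it counts failed sshd logins per source address, skips anything inside a CIDR whitelist, and builds the pfctl command that would load the remaining offenders into a pf table. The authlog lines, whitelist, threshold and table name are all constructed for the example.

```python
"""Count failed sshd logins from an OpenBSD-style authlog, skip whitelisted
CIDRs, and build the pfctl command that adds offenders to a pf table.
Added example; the log lines and whitelist below are constructed."""
import ipaddress
import re
from collections import Counter

# sshd failure lines as they appear in /var/log/authlog on OpenBSD.
FAIL_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for|Invalid user) .*?from (\S+) port \d+"
)

SAMPLE_AUTHLOG = """\
May  3 10:12:01 gw sshd[12345]: Failed password for root from 203.0.113.7 port 51234 ssh2
May  3 10:12:03 gw sshd[12345]: Failed password for root from 203.0.113.7 port 51236 ssh2
May  3 10:12:05 gw sshd[12346]: Invalid user admin from 203.0.113.7 port 51238
May  3 10:12:09 gw sshd[12347]: Failed password for alice from 192.0.2.20 port 40000 ssh2
May  3 10:12:10 gw sshd[12348]: Accepted publickey for alice from 192.0.2.20 port 40001 ssh2
May  3 10:12:15 gw sshd[12349]: Invalid user oracle from 198.51.100.9 port 33333
"""

# Constructed whitelist: sources in these networks are never added to the table.
WHITELIST = [ipaddress.ip_network(c) for c in ("192.0.2.0/24", "10.0.0.0/8")]

def is_whitelisted(addr, whitelist=WHITELIST):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in whitelist)

def count_failures(log_text):
    """Map source IP -> number of failed sshd attempts, excluding whitelisted sources."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAIL_RE.search(line)
        if not m:
            continue
        src = m.group(1)
        try:
            if is_whitelisted(src):
                continue
        except ValueError:  # unparseable address: skip rather than block garbage
            continue
        counts[src] += 1
    return counts

def brutes(log_text, threshold=3):
    """Sources at or above the failure threshold, sorted for stable output."""
    return sorted(ip for ip, n in count_failures(log_text).items() if n >= threshold)

def pfctl_command(table, ips):
    """pfctl invocation that adds the addresses to the named pf table."""
    return ["pfctl", "-t", table, "-T", "add", *ips]

if __name__ == "__main__":
    print(" ".join(pfctl_command("brutes", brutes(SAMPLE_AUTHLOG))))
```

The pf table named in the command must be declared in pf.conf (for example `table <brutes> persist`) and referenced by a block rule before adding addresses to it has any effect.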