clear-linux-documentation/reference/manpages/tallow.1.html
2024-11-04 18:56:31 +00:00

<!DOCTYPE html>
<html lang="en" data-content_root="../../">
<head>
<meta charset="utf-8" />
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<title>tallow &#8212; Documentation for Clear Linux* project</title>
<link rel="stylesheet" type="text/css" href="../../_static/pygments.css?v=fa44fd50" />
<link rel="stylesheet" type="text/css" href="../../_static/bizstyle.css?v=5283bb3d" />
<link rel="stylesheet" type="text/css" href="../../_static/copybutton.css?v=76b2166b" />
<script src="../../_static/documentation_options.js?v=5929fcd5"></script>
<script src="../../_static/doctools.js?v=9bcbadda"></script>
<script src="../../_static/sphinx_highlight.js?v=dc90522c"></script>
<script src="../../_static/clipboard.min.js?v=a7894cd8"></script>
<script src="../../_static/copybutton.js?v=a56c686a"></script>
<script src="../../_static/bizstyle.js"></script>
<link rel="canonical" href="https://clearlinux.github.io/clear-linux-documentation/reference/manpages/tallow.1.html" />
<link rel="icon" href="../../_static/favicon.ico"/>
<link rel="author" title="About these documents" href="../../about.html" />
<link rel="index" title="Index" href="../../genindex.html" />
<link rel="search" title="Search" href="../../search.html" />
<link rel="next" title="tallow.conf" href="tallow.conf.5.html" />
<link rel="prev" title="swupd-update.timer" href="swupd-update.timer.4.html" />
<!--[if lt IE 9]>
<script src="_static/css3-mediaqueries.js"></script>
<![endif]-->
</head><body>
<div class="related" role="navigation" aria-label="Related">
<h3>Navigation</h3>
<ul>
<li class="right" style="margin-right: 10px">
<a href="../../genindex.html" title="General Index"
accesskey="I">index</a></li>
<li class="right" >
<a href="tallow.conf.5.html" title="tallow.conf"
accesskey="N">next</a> |</li>
<li class="right" >
<a href="swupd-update.timer.4.html" title="swupd-update.timer"
accesskey="P">previous</a> |</li>
<li class="nav-item nav-item-0"><a href="../../index.html">Documentation for Clear Linux* project</a> &#187;</li>
<li class="nav-item nav-item-1"><a href="../index.html" >Reference</a> &#187;</li>
<li class="nav-item nav-item-2"><a href="../man-pages.html" accesskey="U">Man pages</a> &#187;</li>
<li class="nav-item nav-item-this"><a href="">tallow</a></li>
</ul>
</div>
<div class="document">
<div class="documentwrapper">
<div class="bodywrapper">
<div class="body" role="main">
<section id="tallow">
<h1>tallow<a class="headerlink" href="#tallow" title="Link to this heading"></a></h1>
<p>Reduce log clutter due to ssh login attempts.</p>
<section id="synopsis">
<h2>SYNOPSIS<a class="headerlink" href="#synopsis" title="Link to this heading"></a></h2>
<p><code class="docutils literal notranslate"><span class="pre">/usr/sbin/tallow</span></code></p>
</section>
<section id="description">
<h2>DESCRIPTION<a class="headerlink" href="#description" title="Link to this heading"></a></h2>
<p><code class="docutils literal notranslate"><span class="pre">tallow</span></code> is a daemon that watches the systemd journal for messages
from the <code class="docutils literal notranslate"><span class="pre">sshd</span></code> service. It parses the messages and looks for
attempted random logins, such as failed logins to the root account and
failed logins to invalid user accounts, as well as various other obviously
malicious login attempts that try things such as forcing old protocols or
weak key systems.</p>
<p>If such logins are detected, the offending IP address is stored in a
list. Items from this list are regularly purged, but if the number of
times that a specific IP address is seen exceeds a threshold, an
ipset(1) entry is inserted in the <code class="docutils literal notranslate"><span class="pre">tallow</span></code> or <code class="docutils literal notranslate"><span class="pre">tallow6</span></code> ipset, and
further packets from that IP address will be blocked by an
<code class="docutils literal notranslate"><span class="pre">iptables(1)</span></code> or <code class="docutils literal notranslate"><span class="pre">ip6tables(1)</span></code> rule that tallow creates at startup.
Additionally, certain types of login failure will immediately trigger a
short-term ban of further packets from the offending IP address.</p>
<p>The system administrator needs to ensure that the tallow and tallow6
ipsets are left alone and that the inserted iptables rules are properly
matching on packets.</p>
<p>Care should be taken to ensure that legitimate users are not blocked
inadvertently. You may wish to list any valid IP address with the
whitelist option in <a class="reference external" href="tallow.conf.5.html">tallow.conf(5)</a>. Multiple addresses can be
whitelisted.</p>
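<p>Added example, not part of tallow or of this manual: a Python model of the tracking behaviour described above (per-address counting, regular purging, threshold blocking, immediate bans, whitelist), replayed over constructed sshd messages. The pattern selection, the threshold of 3 and the 3600-second expiry are assumptions; ban timeouts are not modelled.</p>

```python
import ipaddress
import re

# sshd message shapes; which ones tallow scores, and which ban at once, is set
# in tallow.patterns(5). The selection below is an assumption for illustration.
PATTERNS = [
    # Greedy ".*" keeps the address sshd appended last, not username text.
    (re.compile(r"Invalid user .* from (\S+) port \d+"), False),
    (re.compile(r"Failed password for root from (\S+) port \d+"), False),
    (re.compile(r"Unable to negotiate with (\S+) port \d+: no matching"), True),
]

class Tracker:
    def __init__(self, threshold=3, expires=3600, whitelist=()):
        self.threshold, self.expires = threshold, expires  # assumed defaults
        self.whitelist = {ipaddress.ip_address(a) for a in whitelist}
        self.seen = {}     # address -> (count, last_seen)
        self.blocked = {}  # address -> ipset name

    def feed(self, now, message):
        # Regular purge: forget addresses not seen within the expiry window.
        self.seen = {ip: (c, t) for ip, (c, t) in self.seen.items()
                     if now - t < self.expires}
        for rx, immediate in PATTERNS:
            m = rx.search(message)
            if not m:
                continue
            try:
                ip = ipaddress.ip_address(m.group(1))
            except ValueError:
                return None  # captured text is not an address: never block on it
            if ip in self.whitelist or ip in self.blocked:
                return None
            count = self.seen.get(ip, (0, now))[0] + 1
            self.seen[ip] = (count, now)
            if immediate or count > self.threshold:
                self.blocked[ip] = "tallow6" if ip.version == 6 else "tallow"
                return self.blocked[ip]
            return None

def replay(lines, **cfg):
    tracker = Tracker(**cfg)
    for now, message in lines:
        tracker.feed(now, message)
    return {str(ip): name for ip, name in tracker.blocked.items()}

# Constructed sample: four root failures, then one failed negotiation over IPv6.
SAMPLE = [(t, "Failed password for root from 203.0.113.5 port 40000 ssh2") for t in range(4)]
SAMPLE.append((9, "Unable to negotiate with 2001:db8::7 port 50000: no matching key exchange method found."))
print(replay(SAMPLE))
```

<p>Replaying the same sample with <code>whitelist=["203.0.113.5"]</code> leaves only the IPv6 address blocked, which is the effect the whitelist option is meant to have for legitimate users.</p>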
</section>
<section id="options">
<h2>OPTIONS<a class="headerlink" href="#options" title="Link to this heading"></a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">tallow</span></code> daemon itself has no runtime configuration. All
configuration is done through the <a class="reference external" href="tallow.conf.5.html">tallow.conf(5)</a> config file.</p>
</section>
<section id="signals">
<h2>SIGNALS<a class="headerlink" href="#signals" title="Link to this heading"></a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">USR1</span></code> signal causes <code class="docutils literal notranslate"><span class="pre">tallow</span></code> to print out its internal
tracking table of IP addresses. This requires that tallow is compiled
with the <code class="docutils literal notranslate"><span class="pre">-DDEBUG=1</span></code> symbol passed to the compiler.</p>
</section>
<section id="see-also">
<h2>SEE ALSO<a class="headerlink" href="#see-also" title="Link to this heading"></a></h2>
<p>systemd-journald(1), iptables(1), ipset(1), <a class="reference external" href="tallow.conf.5.html">tallow.conf(5)</a>,
<a class="reference external" href="tallow.patterns.5.html">tallow.patterns(5)</a></p>
</section>
<section id="bugs">
<h2>BUGS<a class="headerlink" href="#bugs" title="Link to this heading"></a></h2>
<p><code class="docutils literal notranslate"><span class="pre">tallow</span></code> is <code class="docutils literal notranslate"><span class="pre">NOT</span> <span class="pre">A</span> <span class="pre">SECURITY</span> <span class="pre">SOLUTION</span></code>, nor does it protect against
random password logins. An attacker may still be able to log on to your
systems if you allow password logins.</p>
</section>
</section>
<div class="clearer"></div>
</div>
</div>
</div>
<div class="clearer"></div>
</div>
<div class="footer" role="contentinfo">
&#169; Copyright 2022 Intel Corporation. All Rights Reserved.
Last updated on Nov 04, 2024.
Created using <a href="https://www.sphinx-doc.org/">Sphinx</a> 8.1.3.
</div>
</body>
</html>