pam_ihosts 1.5.4

pam_ihosts is a PAM module that can allow/deny login on the basis of IP address, MAC address or the country-code/registrar associated with an IP. It uses the allocated ip-range files that are downloadable from Regional Internet Registries. pam_ihosts can also check in whitelist/blacklist files and in DNS whitelists/blacklists.

Tags pam login ssh geolocation whitelisting blacklisting dns
License GNU GPLv3
State mature

Recent Releases

1.5.414 Jan 2017 14:44 major feature: Added environment variables IHOSTS_ADDRESS, IHOSTS_MAC and IHOSTS_REGION that describe the source of a connection/login to processes serving that connection
1.5.204 Apr 2016 09:56 minor bugfix: A debugging printf had been left in, has now been removed. Some gcc compile warnings have been fixed.
1.502 Apr 2016 21:56 minor feature: mmap memory-mapped-file support added for ip region files and blacklist/whitelist files. If a long-lived program keeps these files shared mmaped, then pam_ihosts (which gets briefly run when a login occurs) won't have to load these files from disk, giving a signficant performance boost.
1.427 Jan 2016 19:46 major feature: Now builds on 64-bit linux. DNS blacklists or whitelists like now supported for allow/deny logins. Manpage reworked.
1.3.226 Jan 2016 10:12 minor bugfix: the 'script' option had a fault. If a script is called on allow/deny and one of it's options (say, IP region) cannot be obtained and is NULL, the script will fail. This has been fixed along with a minor memory leak.
1.3.123 Nov 2015 05:09 minor bugfix: Handle segfault when calling program fails to set rhost.
1.325 Oct 2015 10:30 major feature: External config file support added. Running a userscript on connection allow/deny wasn't functioning, this is now fixed.
1.208 Aug 2015 14:29 major feature: IP6 support added.
1.125 Jun 2015 23:55 major feature: MAC address comparisons now case insensitive. 127.x.x.x is now considered a 'local' address. Added support for whitelist and blacklist files containing lists of IP addresses, MAC addresses or hostnames to block/allow.