[nzlug] Firewall Script

Cameron Bradley cameron.bradley at gmail.com
Thu Sep 20 14:57:34 NZST 2007


Hi there,

I have a bit of an issue with brute force/dictionary attacks on my SSH server, and I have noticed that they rarely pass an identification string.

Basically, what I want to do is have a script that runs 10min'ly and looks at my SSH logs; if it sees more than 3 'invalid user' entries from one IP, or that said IP didn't pass an identification string on connect, to check and see if that IP is currently entered into iptables, and if it is not, to run the iptables command to block it.

It's been a while since I've written any bash scripts, let alone had them parse files, so would appreciate some help writing this script.

Cheers,
Cameron
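
One way to write the script requested above, as an added example that is not part of the original post. It assumes OpenSSH's "Invalid user ... from IP" and "Did not receive identification string from IP" log wording, IPv4 only, and rules in the INPUT chain; the names `offenders`, `block`, `sample_log` and the `--apply` argument are made up for the example.

```bash
#!/usr/bin/env bash
# Added example. Assumes OpenSSH syslog wording, IPv4 only, rules in the INPUT chain.
THRESHOLD=3                     # block on MORE than this many "Invalid user" lines
IPTABLES=${IPTABLES:-iptables}  # overridable, e.g. with a stub when testing

# Reads sshd log lines on stdin, prints each offending IPv4 address once.
offenders() {
  awk -v max="$THRESHOLD" '
    BEGIN { v4 = "^[0-9]+\\.[0-9]+\\.[0-9]+\\.[0-9]+$" }
    # Take the address after the LAST "from": the tail of the line is written
    # by sshd, so a username such as "x from 10.0.0.1" cannot pick the target.
    function src(   i) {
      for (i = NF - 1; i >= 1; i--) if ($i == "from") return $(i + 1)
      return ""
    }
    /sshd\[/ && /Invalid user / { ip = src(); if (ip ~ v4) invalid[ip]++ }
    /sshd\[/ && /Did not receive identification string from / {
      ip = src(); if (ip ~ v4) hit[ip] = 1
    }
    END {
      for (ip in invalid) if (invalid[ip] > max) hit[ip] = 1
      for (ip in hit) print ip
    }' | sort
}

# Adds a DROP rule unless the same rule already exists (-C checks for it).
block() {
  "$IPTABLES" -C INPUT -s "$1" -j DROP 2>/dev/null || "$IPTABLES" -I INPUT -s "$1" -j DROP
}

# Constructed sample input (documentation addresses, not real log data).
sample_log() {
  cat <<'EOF'
Sep 20 14:01:02 host sshd[101]: Invalid user admin from 192.0.2.10
Sep 20 14:01:04 host sshd[102]: Invalid user test from 192.0.2.10
Sep 20 14:01:06 host sshd[103]: Invalid user guest from 192.0.2.10
Sep 20 14:01:08 host sshd[104]: Invalid user x from 10.0.0.1 from 192.0.2.10
Sep 20 14:02:00 host sshd[105]: Did not receive identification string from 198.51.100.7
Sep 20 14:03:00 host sshd[106]: Invalid user bob from 203.0.113.5
EOF
}

# From root's crontab every 10 minutes: script --apply /var/log/auth.log (path is an assumption)
if [ "${1:-}" = "--apply" ]; then
  offenders < "$2" | while read -r ip; do block "$ip"; done
fi
```

Counts cover the whole file passed in, so an address is blocked once it crosses the threshold anywhere in that file, not only within the last 10 minutes. Running `sample_log | offenders` shows the selection without touching iptables.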

