[nzlug] Firewall Script
Derek
derek at simplehost.co.nz
Thu Sep 20 15:20:19 NZST 2007
Hi Cameron,
Blockhosts is quite good for this..
http://www.debian-administration.org/articles/342
http://freshmeat.net/projects/blockhosts/
Beware using the recent module in iptables on a kernel below 2.6.12 as
it has a known bug
(http://www.oreillynet.com/linux/blog/2006/05/iptables_recent_module_bug.html)
Cameron Bradley wrote:
> Hi there,
>
> I have a bit of an issue with brute force/dictionary attacks on my SSH server, and I have noticed that they rarely pass an identification string.
>
> Basically, what I want to do, is have a script that runs 10min'ly, and looks at my SSH logs, if it sees more than 3 'invalid user' entries from one IP, or that said IP didnt pass an identification string on connect, to check and see if that IP is currently entered into iptables, and if it is not, to run the iptables command to block it.
>
> Its been a while since ive written any bash scripts, let alone had them parse files, so would appreciate some help writing this script.
>
> Cheers,
> Cameron
> _______________________________________________
> NZLUG mailing list NZLUG at linux.net.nz
> http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
>
>
More information about the NZLUG
mailing list