[nzlug] Firewall Script

Ian Beardslee itb at falcons.co.nz
Fri Sep 21 08:24:40 NZST 2007


I have fail2ban, which pretty much does a similar sort of job to what you are describing.

http://www.fail2ban.org

-----Original Message-----
From: "Cameron Bradley" <dfuzed at dfuzed.org>
To: <nzlug at linux.net.nz>
Date: Thu, 20 Sep 2007 11:37:56 +1200
Subject: [nzlug] Firewall Script

> Hi there,
> 
> I have a bit of an issue with brute force/dictionary attacks on my SSH
> server, and I have noticed that they rarely pass an identification
> string.
> 
> Basically, what I want to do, is have a script that runs 10min'ly, and
> looks at my SSH logs, if it sees more than 3 'invalid user' entries
> from one IP, or that said IP didn't pass an identification string on
> connect, to check and see if that IP is currently entered into
> iptables, and if it is not, to run the iptables command to block it.
> 
> It's been a while since I've written any bash scripts, let alone had them
> parse files, so would appreciate some help writing this script.
> 
> Cheers,
> Cameron
> _______________________________________________
> NZLUG mailing list NZLUG at linux.net.nz
> http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
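
The check described in the quoted post, as an added example that is not part of either message and is not fail2ban's code. It assumes OpenSSH syslog lines with IPv4 addresses and an iptables that supports `-C`; the function names `offenders` and `block_ip` and the sample log are made up here. Without `APPLY=1` it only prints the rule it would insert.

```sh
#!/bin/sh
# Added example. Constructed sample lines in OpenSSH syslog format
# (documentation-range addresses), used when no log file is given.
sample_log() {
cat <<'EOF'
Sep 20 11:00:01 host sshd[101]: Invalid user admin from 203.0.113.5
Sep 20 11:00:03 host sshd[102]: Invalid user test from 203.0.113.5
Sep 20 11:00:05 host sshd[103]: Invalid user guest from 203.0.113.5
Sep 20 11:00:07 host sshd[104]: Invalid user oracle from 203.0.113.5
Sep 20 11:01:00 host sshd[105]: Invalid user bob from 198.51.100.7
Sep 20 11:01:02 host sshd[106]: Invalid user x from 192.0.2.1 from 198.51.100.7
Sep 20 11:02:00 host sshd[107]: Did not receive identification string from 203.0.113.9
Sep 20 11:03:00 host sshd[108]: Accepted publickey for cam from 198.51.100.20 port 5022 ssh2
EOF
}

# Print IPv4 addresses with more than THRESHOLD "Invalid user" lines, or any
# "Did not receive identification string" line. Reads files given, else stdin.
offenders() {
    awk -v limit="${THRESHOLD:-3}" '
        # The username is attacker-supplied and may itself contain "from <ip>",
        # so trust only the last "from <ipv4>" pair, which sshd appends.
        function addr(   i) {
            for (i = NF - 1; i >= 1; i--)
                if ($i == "from" && $(i + 1) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/)
                    return $(i + 1)
            return ""
        }
        /sshd\[[0-9]+\]: Invalid user / { ip = addr(); if (ip != "") bad[ip]++ }
        /sshd\[[0-9]+\]: Did not receive identification string from / {
            ip = addr(); if (ip != "") hit[ip] = 1
        }
        END {
            for (ip in bad) if (bad[ip] > limit) hit[ip] = 1
            for (ip in hit) print ip
        }
    ' "$@" | sort
}

# Insert a DROP rule unless one already exists. Dry run unless APPLY=1.
block_ip() {
    if [ "${APPLY:-0}" != 1 ]; then
        echo "iptables -I INPUT -s $1 -j DROP"
    elif ! iptables -C INPUT -s "$1" -j DROP 2>/dev/null; then
        iptables -I INPUT -s "$1" -j DROP
    fi
}

if [ -n "${1:-}" ]; then ips=$(offenders "$1"); else ips=$(sample_log | offenders); fi
for ip in $ips; do block_ip "$ip"; done
```

Each run counts over the whole file it is given, so the threshold applies per log file rather than per ten-minute window.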




