[nzlug] Firewall Script

Steve Holdoway steve at greengecko.co.nz
Fri Sep 21 08:43:18 NZST 2007


... I use denyhosts to do the same thing. I also wrote a script to do a similar thing with my mail logs - to get rid of these probes. Whether that works is debatable...

On Fri, 21 Sep 2007 08:24:40 +1200
"Ian Beardslee" <itb at falcons.co.nz> wrote:

> I have fail2ban that pretty much does a similar sort of job as you are describing
>
> http://www.fail2ban.org
>
> -----Original Message-----
> From: "Cameron Bradley" <dfuzed at dfuzed.org>
> To: <nzlug at linux.net.nz>
> Date: Thu, 20 Sep 2007 11:37:56 +1200
> Subject: [nzlug] Firewall Script
>
> > Hi there,
> >
> > I have a bit of an issue with brute force/dictionary attacks on my SSH
> > server, and I have noticed that they rarely pass an identification
> > string.
> >
> > Basically, what I want to do, is have a script that runs 10min'ly, and
> > looks at my SSH logs, if it sees more than 3 'invalid user' entries
> > from one IP, or that said IP didn't pass an identification string on
> > connect, to check and see if that IP is currently entered into
> > iptables, and if it is not, to run the iptables command to block it.
> >
> > It's been a while since I've written any bash scripts, let alone had them
> > parse files, so would appreciate some help writing this script.
> >
> > Cheers,
> > Cameron
> > _______________________________________________
> > NZLUG mailing list NZLUG at linux.net.nz
> > http://www.linux.net.nz/cgi-bin/mailman/listinfo/nzlug
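The check described in the original question (more than 3 'invalid user' entries from one IP, or no identification string on connect), sketched as a POSIX shell script. This is an added example, not code posted by anyone in the thread; the function names, the sample log lines and the sshd syslog line format are assumptions, and it only prints the iptables commands unless DRY_RUN=0 is set.

```shell
#!/bin/sh
# Added example (not from the thread). Function names and log lines are constructed.
THRESHOLD=3   # flag an IP with MORE than this many 'Invalid user' lines

# Read sshd syslog lines on stdin; print offending IPv4 addresses, sorted.
ssh_offenders() {
  awk -v max="$THRESHOLD" '
    # The user name is supplied by the remote side and may itself contain
    # "from 1.2.3.4", so take the address after the LAST "from" on the line.
    function src(   i) {
      for (i = NF - 1; i >= 1; i--) if ($i == "from") return $(i + 1)
      return ""
    }
    /sshd\[[0-9]+\]: [Ii]nvalid user /                            { invalid[src()]++ }
    /sshd\[[0-9]+\]: Did not receive identification string from / { bad[src()] = 1 }
    END {
      for (ip in invalid) if (invalid[ip] > max) bad[ip] = 1
      for (ip in bad) if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) print ip
    }' | sort -u
}

# Read IPs on stdin. DRY_RUN=1 (default) prints the command without checking
# existing rules; DRY_RUN=0 adds a DROP rule only if iptables -C finds none.
block_new() {
  while read -r ip; do
    if [ "${DRY_RUN:-1}" = 1 ]; then
      echo "iptables -I INPUT -s $ip -j DROP"
    elif ! iptables -C INPUT -s "$ip" -j DROP 2>/dev/null; then
      iptables -I INPUT -s "$ip" -j DROP
    fi
  done
}

# Constructed sample log (documentation address ranges).
sample_log() { cat <<'EOF'
Sep 20 11:00:01 box sshd[2101]: Invalid user admin from 203.0.113.5
Sep 20 11:00:03 box sshd[2102]: Invalid user test from 203.0.113.5
Sep 20 11:00:05 box sshd[2103]: Invalid user oracle from 203.0.113.5
Sep 20 11:00:07 box sshd[2104]: Invalid user guest from 203.0.113.5
Sep 20 11:02:00 box sshd[2110]: Did not receive identification string from 198.51.100.7
Sep 20 11:03:00 box sshd[2111]: Invalid user bob from 192.0.2.44
Sep 20 11:04:00 box sshd[2112]: Invalid user x from 192.0.2.99 from 192.0.2.44
Sep 20 11:05:00 box sshd[2113]: Accepted password for cam from 192.0.2.10 port 50022 ssh2
EOF
}

sample_log | ssh_offenders | block_new
```

For the 10-minute schedule, feed the real sshd log to `ssh_offenders` from cron instead of `sample_log`; IPv6 sources are ignored here and would need ip6tables.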