Hi Michael,

Thanks a lot for the quick response and seems this is pretty much what I really needed. However, just a minor problem and I'm not that strong in sed to fix it.

In the /scripts/bad-ips file, I get entries like

222.98.152.130 port 60800 ssh2
222.98.152.130 port 60830 ssh2
222.98.152.130 port 60837 ssh2
222.98.152.130 port 60839 ssh2

and iptables doesn't like it and gives error

.iptables v1.2.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.9: host/network `port' not found
iptables: No chain/target/match by that name
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.9: host/network `port' not found
Try `iptables -h' or 'iptables --help' for more information.
.iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
.iptables v1.2.9: host/network `ssh2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.9: host/network `ssh2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.9: host/network `ssh2' not found
Try `iptables -h' or 'iptables --help' for more information.
iptables v1.2.9: host/network `ssh2' not found
Try `iptables -h' or 'iptables --help' for more information.
.iptables: No chain/target/match by that name
iptables: No chain/target/match by that name

Any recommendations to fix this?

Thanks
R'twick

On Fri, 2005-02-11 at 02:52 +0000, Michael Thompson wrote:
> R'twick Niceorgaw wrote:
> > Hi all,
> > Recently I'm receiving a lot of failed ssh login attempts on my box for
> > user root as well as a whole lot of other users which doesn't even
> > exist. I'm getting tired of blocking these IPs manually everyday.
> > Is there any software that can look in the logs and put these IPs in
> > iptables to drop automatically (either in a daemon mode or via cron)?
> >
> > TIA
> > -R'twick
> >
> Try this
>
> #!/bin/bash
>
> cat /scripts/bad-ips > /scripts/bad-ssh
> cat /var/log/messages | grep sshd | grep Invalid | sed -e 's/^.*from //g' | sort -u | uniq >> /scripts/bad-ssh
> zcat /var/log/messages.[1-25].gz | grep sshd | grep Invalid | sed -e 's/^.*from //g' | sort -u | uniq >> /scripts/bad-ssh
> cat /scripts/bad-ssh |sed -e 's/::ffff://g'|sort -u |sort -n | uniq > /scripts/bad-ips
>
> /sbin/iptables -F BLACKLIST
>
> echo "Writing IPTables Rulesets"
>
> for i in `cat /scripts/bad-ips`
> do
>     /sbin/iptables -A BLACKLIST -p ALL -i eth1 -s $i/32 -j LOG --log-prefix "BLACKLISTED: "
>     /sbin/iptables -A BLACKLIST -p ICMP -i eth1 -s $i/32 -j DROP
>     /sbin/iptables -A BLACKLIST -p TCP -i eth1 -s $i/32 -j REJECT
>     /sbin/iptables -A BLACKLIST -p UDP -i eth1 -s $i/32 -j REJECT
>     echo -n "."
> done
>
> echo
> echo "Done."
>
> iptables -A BLACKLIST -j RETURN
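One way to keep the "port NNNNN ssh2" tail out of /scripts/bad-ips, shown as an added example that is not part of the original thread: take only the first field after "from" and accept it only if it is a well-formed IPv4 address, so nothing else from the log line reaches the iptables command line. The function names extract_bad_ips and print_rules and the sample log lines are constructed for illustration; rules are printed rather than applied.

```shell
#!/bin/bash
# Constructed sample syslog lines (not taken from a real host).
SAMPLE_LOG='Feb 10 03:12:01 box sshd[4021]: Invalid user test from 222.98.152.130 port 60800 ssh2
Feb 10 03:12:04 box sshd[4023]: Invalid user admin from ::ffff:222.98.152.130 port 60830 ssh2
Feb 10 03:12:09 box sshd[4030]: Invalid user guest from 192.0.2.7
Feb 10 03:12:11 box sshd[4031]: Invalid user x from 999.1.1.1 port 22 ssh2
Feb 10 03:13:00 box sshd[4040]: Invalid user bob from not-an-ip port 1 ssh2
Feb 10 03:14:00 box sshd[4050]: Accepted password for rob from 198.51.100.9 port 50000 ssh2'

# Hypothetical helper: reads log lines on stdin, prints one validated,
# de-duplicated IPv4 address per line.
extract_bad_ips() {
    grep 'sshd' | grep 'Invalid' |
    sed -e 's/^.*from //' -e 's/^::ffff://' |
    awk '{
        # $1 is the address; "port 60800 ssh2" stays behind in $2..$4.
        n = split($1, o, ".")
        if (n != 4) next
        for (i = 1; i <= 4; i++)
            if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255) next
        print $1
    }' | sort -u
}

# Hypothetical helper: dry run that prints the same four rules the original
# script adds per address (chain BLACKLIST, interface eth1) instead of running them.
print_rules() {
    while read -r ip; do
        echo "/sbin/iptables -A BLACKLIST -p ALL -i eth1 -s $ip/32 -j LOG --log-prefix \"BLACKLISTED: \""
        echo "/sbin/iptables -A BLACKLIST -p ICMP -i eth1 -s $ip/32 -j DROP"
        echo "/sbin/iptables -A BLACKLIST -p TCP -i eth1 -s $ip/32 -j REJECT"
        echo "/sbin/iptables -A BLACKLIST -p UDP -i eth1 -s $ip/32 -j REJECT"
    done
}

printf '%s\n' "$SAMPLE_LOG" | extract_bad_ips | print_rules
```

Because the user name in an "Invalid user" line is chosen by the remote client, validating the extracted field before it is passed to iptables matters as much as trimming the port suffix.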
