Gerard Beekmans wrote:
> The only maybe way around this is create a web app where I can input IP
> addresses that can SSH and some cronjob to check for changes and update
> the firewall accordingly.
I came up with a quick PHP script like what you describe when I started getting
hit with those a few months ago. I'm not really a security freak, but
this seems to do the job for me. With the apache user in sudoers and
iptables defaulting to block port 22:
-----
<?php
// Client address as seen by Apache, validated octet by octet below.
$seg = explode('.', getenv('REMOTE_ADDR'));   // split() no longer exists in PHP 7+
$error = 0;
$ip = '';
for ($i = 0; $i <= 3; $i++) {
    if (isset($seg[$i]) && (strlen($seg[$i]) > 0) && (strlen($seg[$i]) < 4) &&
        (is_numeric($seg[$i]))) {
        $ip .= $seg[$i];
        if ($i < 3) {
            $ip .= ".";
        }
    } else {
        $error++;
    }
}
// Form values come from $_POST; register_globals is gone.
$password = isset($_POST['password']) ? $_POST['password'] : '';
// Only touch iptables when all four octets validated and the password matched.
if ($error == 0 && $password !== '' && crypt($password, "ab") === "myCryptedPassword") {
    $execString = "/usr/local/bin/sudo /usr/local/sbin/iptables -I INPUT -i eth0 -s "
        . escapeshellarg($ip) . " -p tcp -m tcp --dport 22 -j ACCEPT";
    system($execString);
    print "Added $ip to ACL.";
} else {
    print "<form action=\"" . htmlspecialchars($_SERVER['PHP_SELF']) . "\" method=\"POST\">\n";
    print "Password: <input type=\"password\" name=\"password\" size=\"10\">\n";
    print "<input type=\"submit\" value=\"Submit\">\n";
    print "</form>\n";
}
?>
-----
Someone else could probably come up with something better though..
--
Dustin Runnells
[EMAIL PROTECTED]
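An added example, not Dustin's script and not from the original thread: the cron-side half of the scheme Gerard describes, as a POSIX sh script. It assumes the web form does nothing more than append "IP epoch-seconds" lines to an allowlist file (path assumed), so the web server user needs no sudo at all; a root cron job then validates every entry, drops expired ones and rebuilds a dedicated iptables chain. The chain name, TTL and file path are assumptions, and IPTABLES can be pointed at a shell function so the logic can be exercised without touching a real firewall.

```shell
#!/bin/sh
# ssh-allow-sync.sh (example name): rebuild the SSH allowlist chain from a
# file the web form appends to. Run from root's crontab, e.g. every minute.
# All paths and names below are assumptions for this example.

ALLOWLIST="${ALLOWLIST:-/var/lib/ssh-allow/allowlist}"   # assumed path
CHAIN="${CHAIN:-SSH_ALLOW}"          # assumed chain name
TTL="${TTL:-43200}"                  # entries expire after 12 hours
IPTABLES="${IPTABLES:-/sbin/iptables}"

# valid_ipv4 ADDR: succeed only for a dotted quad of four octets 0..255
# with no leading zeros. Anything containing a character other than a
# digit or a dot is rejected before it gets near a command line.
valid_ipv4() {
    _addr=$1
    case "$_addr" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    _old_ifs=$IFS; IFS=.
    set -- $_addr
    IFS=$_old_ifs
    [ $# -eq 4 ] || return 1
    for _oct in "$@"; do
        [ ${#_oct} -le 3 ] || return 1
        [ "$_oct" -le 255 ] || return 1
        case "$_oct" in 0?*) return 1 ;; esac
    done
    return 0
}

# live_entries NOW: print the unique addresses in ALLOWLIST that validate
# and were added less than TTL seconds before NOW (epoch seconds).
# Malformed lines are skipped rather than failing the whole run.
live_entries() {
    _now=$1
    [ -r "$ALLOWLIST" ] || return 0
    while read -r _ip _added _rest; do
        case "$_added" in ''|*[!0-9]*) continue ;; esac
        [ $((_now - _added)) -lt "$TTL" ] || continue
        valid_ipv4 "$_ip" || continue
        printf '%s\n' "$_ip"
    done < "$ALLOWLIST" | sort -u
}

# rebuild_chain [NOW]: flush the dedicated chain and re-add one ACCEPT per
# live entry. Port 22 traffic from anyone else falls through to the
# default policy, so an address is open only while its entry is fresh.
rebuild_chain() {
    _now=${1:-$(date +%s)}
    "$IPTABLES" -N "$CHAIN" 2>/dev/null || true
    "$IPTABLES" -F "$CHAIN"
    live_entries "$_now" | while read -r _ip; do
        "$IPTABLES" -A "$CHAIN" -s "$_ip" -p tcp --dport 22 -j ACCEPT
    done
    # Make sure INPUT jumps to the chain exactly once.
    "$IPTABLES" -C INPUT -p tcp --dport 22 -j "$CHAIN" 2>/dev/null ||
        "$IPTABLES" -I INPUT -p tcp --dport 22 -j "$CHAIN"
}

# Invoked as "ssh-allow-sync.sh sync" from cron; without the argument the
# functions are only defined, which keeps the file sourceable for testing.
if [ "${1:-}" = "sync" ]; then
    rebuild_chain
fi
```

With this split, the PHP side can drop sudo entirely: it only writes a line the cron job will check again, and a bogus or hostile REMOTE_ADDR never reaches iptables because valid_ipv4 rejects it. The TTL gives a rule a natural end; an address you allowed from a hotel last month is not still open today.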
--
http://linuxfromscratch.org/mailman/listinfo/lfs-security