On Mon, Jan 22, 2001 at 05:28:10PM -0500, Justin Zygmont wrote:
> could you please send me your addbad script, I think something like that
> would be quite useful:) I was compromised a while ago by rpc.statd too..
No problem; it's short enough to append here. It works with a bit of code
in your ipchains to guarantee the added addresses are persistent; I think
it may be already in scripts generated by www.linux-firewall-tools.com, or
I may have added it--I can't remember. Anyway, it's trivial:
# Deny access to jerks
# --------------------
# /etc/rc.d/rc.firewall.blocked contains a list of
#     ipchains -A input -i $EXTERNAL_INTERFACE -s address -j DENY
# rules to block from any access.

# Refuse any connection from problem sites
if [ -f /etc/rc.d/rc.firewall.blocked ]; then
    . /etc/rc.d/rc.firewall.blocked
fi
The addbad script follows. Note that portsentry will do much of this kind
of thing for you, but I'm on the system often enough that I can track it
myself, and it gives me some satisfaction. (BTW, after the posts this
afternoon, I logged 5 sudden and separate attacks. 3 of them are in the
U.S., and the ISPs say the accounts are going to be terminated ASAP...)
Cheers,
--
Dave Ihnat
[EMAIL PROTECTED]
=====================================================================
#!/bin/ksh
#
# Addbad - Add a bad guy to the IP firewall-blocked list.
#
# Author: David M. Ihnat
#
# This is a work in the Public Domain.
#
######################################################################
# Data Declarations
######################################################################
VERSION="1.0"
BLOCKFILE="/etc/rc.d/rc.firewall.blocked";
EXT_IF="eth1";
BAD_COMMENT="";
# Temporary copy lives beside $BLOCKFILE, not in a world-writable directory.
TMPFILE="$BLOCKFILE.$$";

# Take the address from the command line, or prompt for it.
if [ "$1" ]
then
    BAD_IP="$1";
    shift;
else
    echo -n "Enter bad IP:";
    read BAD_IP;
    echo -n "Comment: ";
    read BAD_COMMENT;
fi;

# Any remaining arguments become the comment, stamped with the date.
if [ "$1" ]
then
    BAD_COMMENT="[$* `date \"+%m/%d/%y %H:%M\"`]";
    shift;
fi;

echo -n "Bad IP is :$BAD_IP:. Continue? ";
read ANS;
if [ "$ANS" != "y" ]
then
    exit 1;
fi;

# Fixed-string match on "-s address " so the dots are literal and
# 10.1.2.3 does not also match 10.1.2.30.
grep -F -e "-s $BAD_IP " $BLOCKFILE >/dev/null;
if [ $? -eq 0 ]
then
    echo "$BAD_IP is already in $BLOCKFILE.";
    if [ "$BAD_COMMENT" ]
    then
        echo -n "Add comment to existing entry?: ";
        read ANS;
        if [ "$ANS" != "y" ]
        then
            exit 1;
        else
            # If there's already a comment, append; otherwise, create.
            # The comment goes at the end of the rule line so "-j DENY"
            # stays live; awk is used because the date stamp contains "/".
            awk -v pat="-s $BAD_IP " -v cmt=" # $BAD_COMMENT" \
                'index($0, pat) { $0 = $0 cmt } { print }' \
                $BLOCKFILE >$TMPFILE;
            cat $TMPFILE >$BLOCKFILE;
            rm -f $TMPFILE;
            exit 0;
        fi;
        exit 1;
    fi;
    exit 1;
fi;

if [ "$BAD_COMMENT" ]
then
    BAD_COMMENT=" # $BAD_COMMENT";
fi;

# Record the rule for the next firewall start, then apply it now.
echo "ipchains -A input -i \$EXTERNAL_INTERFACE -s $BAD_IP -j DENY${BAD_COMMENT}" >>$BLOCKFILE;
ipchains -A input -i $EXT_IF -s $BAD_IP -j DENY
exit 0;
#END OF SCRIPT
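
rc.firewall sources the blocked file as root, so whatever is typed at the addbad prompt is later executed as shell. The following is an added example, not part of the original post or of addbad: POSIX sh functions that check the address and comment before a rule line is written. The names valid_ipv4, clean_comment and rule_line are assumptions, and the inputs in the loop are constructed.

```shell
#!/bin/sh
# Added example (not part of addbad): validate what goes into a file
# that rc.firewall later sources as root.

# valid_ipv4 ADDR: succeed only for a dotted quad, optionally with /0-32.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) mask=${1#*/}
             case $mask in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$mask" -le 32 ] || return 1 ;;
    esac
    # Digits and dots only; no empty octets.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Leading zeros are rejected: inet_aton-style parsers read them as octal.
        case $octet in ????*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# clean_comment TEXT: drop control characters, so the text stays on one
# line behind the "#" and cannot start a new command in the sourced file.
clean_comment() {
    printf '%s' "$1" | tr -d '\000-\037\177'
}

# rule_line ADDR [COMMENT]: print the line to append to the blocked file,
# or fail without output when ADDR is not a plain IPv4 address.
rule_line() {
    valid_ipv4 "$1" || return 1
    line="ipchains -A input -i \$EXTERNAL_INTERFACE -s $1 -j DENY"
    if [ -n "$2" ]; then
        line="$line # $(clean_comment "$2")"
    fi
    printf '%s\n' "$line"
}

# Constructed inputs: one good address, one that would run a command
# the next time the firewall script is sourced.
for candidate in 10.1.2.3 '10.1.2.3; reboot'; do
    rule_line "$candidate" 'rpc.statd probe' || echo "rejected: $candidate" >&2
done
```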