[rlug] Re: blocare ssh

Mon, 21 Feb 2005 23:05:38 -0800 

Poti sa incerci scriptul asta!!!

touch hist_ip

START:

 sleep 10
 grep Invalid /var/log/messages > ips
 cat ips | awk '{ FS =3D " " } { print $10 | "uniq" }' | sort | uniq > =
ext_ip
 comm -1 hist_ip ext_ip > new_ip
 cat ips | awk '{ FS =3D " " } { print $10 | "uniq" }' | sort | uniq > =
hist_ip
 cat new_ip | sed -e '/^\t/d' > block_this
 cat block_this >> black_list.txt
 cat block_this | awk '{ system("iptables -A INPUT -i eth0 -p tcp =
--dport 22
-j DROP -s " $0 )}'

goto START

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Marius
Stan
Sent: 22/02/2005 8:55 AM
To: [email protected]
Subject: [rlug] blocare ssh

Salut,

Exista posibilitatea in vreu server ssh de a bloca complet un anumit IP =
dupa
un nr de parole gresite ? Vreau sa evit scan-uri de genul:

Invalid user test from 213.56.25.38
Failed password for invalid user test from 213.56.25.38 port 3220 ssh2
Invalid user guest from 213.56.25.38
Failed password for invalid user guest from 213.56.25.38 port 3403 ssh2
Invalid user admin from 213.56.25.38
Failed password for invalid user admin from 213.56.25.38 port 3569 ssh2
Invalid user admin from 213.56.25.38

Marius



---=20
Detalii despre listele noastre de mail: http://www.lug.ro/



--- 
Detalii despre listele noastre de mail: http://www.lug.ro/

Raspunde prin e-mail lui