I have Denyhosts setup on a few of my servers, however, a couple servers don't have Python 2.2.3 or higher installed, so I can't run the program. Basically, it parses your secure.log files and adds bruteforce attack IP's to your hosts.deny file.
For the servers that don't have it installed, I'd like to combine the collection of denied hosts and incoporate them into one file. Here's an example of two files I'd like to join: # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! sshd: 24.199.204.163 sshd: 128.122.141.79 sshd: 80.86.123.72 sshd: 81.4.170.132 sshd: 220.231.31.189 sshd: 222.190.110.131 sshd: 60.28.9.243 sshd: 213.58.131.180 sshd: 81.199.19.94 sshd: 70.84.29.164 sshd: 216.153.197.146 sshd: 80.97.64.181 sshd: 207.189.131.105 and this one: # # hosts.deny This file describes the names of the hosts which are # *not* allowed to use the local INET services, as decided # by the '/usr/sbin/tcpd' server. # # The portmap line is redundant, but it is left to remind you that # the new secure portmap uses hosts.deny and hosts.allow. In particular # you should know that NFS uses portmap! sshd: 217.160.188.22 sshd: 210.0.217.23 sshd: 24.225.250.203 sshd: 220.69.185.24 sshd: 202.181.96.33 sshd: 210.51.191.250 sshd: 62.110.43.250 sshd: 222.37.134.35 sshd: 59.144.0.147 sshd: 68.62.110.152 sshd: 200.72.32.250 sshd: 128.113.63.59 sshd: 210.211.138.100 sshd: 66.227.79.1 sshd: 82.77.188.12 sshd: 66.78.27.24 sshd: 193.198.20.3 sshd: 194.126.99.220 sshd: 24.199.204.163 sshd: 128.122.141.79 sshd: 80.86.123.72 sshd: 81.4.170.132 sshd: 220.231.31.189 sshd: 222.190.110.131 sshd: 60.12.174.7 sshd: 24.185.39.62 sshd: 60.28.9.243 sshd: 70.84.29.164 sshd: 81.199.19.94 sshd: 216.153.197.146 sshd: 84.244.1.232 sshd: 81.10.192.58 sshd: 80.97.64.181 sshd: 207.189.131.105 -- The information transmitted (including attachments) is covered by the Electronic Communications Privacy Act, 18 U.S.C. 2510-2521, is intended only for the person(s) or entity/entities to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient(s) is prohibited. If you received this in error, please contact the sender and delete the material from any computer. _______________________________________________ CWE-LUG mailing list [email protected] http://www.cwelug.org/ http://www.cwelug.org/archives/ http://www.cwelug.org/mailinglist/
