On 2005-09-02 09:37, Michael L Benjamin wrote: > Here is a simple script I've coded up that I use on 3 of my RedHat > Enterprise Linux 3 (RHEL3) servers. I decided to do this after seeing the > amount of activity from places like China/Korea/Taiwan in relation to > SSH brute force probes. I'll throw it open here for > analysis/suggestions. It > leverages off the TCPWrappers /etc/hosts.deny /etc/hosts.allow > functionality.
Hello, Nice script! Although I think it's a good way to list that brute force IPs in /etc/hosts.deny there is another good script that uses iptables to block the IPs: http://fail2ban.sourceforge.net/ It works with apache logfiles too. cheers, -- Gerald Holl http://holl.co.at _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/