Bryan Phinney <[EMAIL PROTECTED]> writes:

> Here is a script I wrote to work around SSH probes. It is NOT elegant, very
> quick and dirtyish but it does seem to work and it can be run from a cron
> job fairly often without problems.
Hi Bryan, pretty cool, the only thing I would suggest is using Damian Conway's Regexp::Common module in a Perl script to parse the IP address out. Using cut doesn't 'cut it', as sometimes the line has more text in it than you might be expecting. Here's the script I use, based on the one you wrote, as I've modified it.

---------------------------------
#!/bin/sh
cd /usr/local/sbin || exit 1

# Optional: remove old entries (-f so a missing file is not an error)
rm -f ./sshd_block/block.txt

# Parse the messages file and extract the IPs from the failed sshd lines
grep sshd /var/log/messages | grep Failed | ./get_ips | \
    sort | uniq > ./sshd_block/block.txt

target=`cat ./sshd_block/block.txt`
for i in $target; do
    echo ALL:$i >> /etc/hosts.deny
done

# Remove duplicate entries from hosts.deny
cat /etc/hosts.deny | sort | uniq > /etc/hosts.new
cp /etc/hosts.new /etc/hosts.deny
---------------------------------

And here is the source for get_ips

---------------------------------
#!/usr/bin/perl
use strict;
use warnings;
use Regexp::Common;

# Print the first IPv4 address found on each input line
while (<>) {
    if (/$RE{net}{IPv4}{dec}{-keep}/) {
        print "$1\n";
    }
}
---------------------------------

I'm really glad you did your script. Until I read this thread, I had no idea that anyone might have been trying to SSH into my machine, like some madman. Turns out they have been, every night for weeks (my bad), but now with my modified script (based on your great contribution), they won't be doing it more than once.

Thanks very much, my friend,

Dave in Largo, FL.