authorshtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2>2009-06-01 05:15:24 +0000
committershtrom <shtrom@1991c358-8f32-0410-a49a-990740bdf4c2>2009-06-01 05:15:24 +0000
commit2026a2cf2244fbedfc83e658ea73233e14ee5731 (patch)
treef7e7b885a593ada20a817692ba5c1c2747cd5761 /openbsd
parentcb23108c9222f81587bec164b36af816d55e2e60 (diff)
[OpenBSD scripts] Don't keep previous offending addresses in DenyHost.sh.
git-svn-id: svn+ssh://scm.narf.ssji.net/svn/shtrom/scripts@551 1991c358-8f32-0410-a49a-990740bdf4c2
Diffstat (limited to 'openbsd')
-rwxr-xr-xopenbsd/denyhost.sh18
1 files changed, 10 insertions, 8 deletions
diff --git a/openbsd/denyhost.sh b/openbsd/denyhost.sh
index c324f93..ca138ea 100755
--- a/openbsd/denyhost.sh
+++ b/openbsd/denyhost.sh
@@ -2,7 +2,7 @@
# $Id$
# Script to trawl logs for nastiness and log bad IP addresses
# From http://netnix.blogspot.com/2005/06/openbsd-ssh-protection.html
-# Logging features by Olivier Mehanio <shtrom-openbsd@ssji.net>
+# Logging features by Olivier Mehani <shtrom-openbsd@ssji.net>
#
PATH=/usr/local/bin:$PATH
AUTHLOG=/var/log/authlog
@@ -12,22 +12,20 @@ NEW_BLOCKERS_FILE=`mktemp ${TMP_DIR}/blockers.list.XXXXXX`
DEST_ADDR=root@distant-sun.narf.ssji.net
SSH_INVALID_USERS=`sed -n "s/.*Invalid user .* from //p" $AUTHLOG | sort -u`
-
for iu in $SSH_INVALID_USERS; do
num=`grep $iu $AUTHLOG | grep 'Invalid user' | wc -l`
if [ $num -gt $NUM_TRIES ]; then
- echo "$iu" >> ${TMP_DIR}/invalid_users.list
+ echo "$iu"
fi
-done
+done > ${TMP_DIR}/invalid_users.list
SSH_FAILED_PASSWORD=`grep 'Failed password for' $AUTHLOG | grep -v 'invalid user' | awk '{ print $11 }' | sort -u`
-
for fp in $SSH_FAILED_PASSWORD; do
num=`grep $fp $AUTHLOG | grep 'Failed password for' | grep -v 'invalid user' | wc -l`
if [ $num -gt $NUM_TRIES ]; then
- echo "$fp" >> ${TMP_DIR}/failed_passwords.list
+ echo "$fp"
fi
-done
+done > ${TMP_DIR}/failed_passwords.list
sort -u ${TMP_DIR}/invalid_users.list ${TMP_DIR}/failed_passwords.list -o $NEW_BLOCKERS_FILE
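Review bot: The per-address count on the line `num=\`grep $iu $AUTHLOG | grep 'Invalid user' | wc -l\`` (and its twin in the failed-password loop) uses the extracted address as an unanchored regular expression, so the dots match any character and `10.0.0.1` also counts lines belonging to `10.0.0.10` or `210.0.0.1`; an address can thus reach NUM_TRIES on other hosts' failures and land in the new list that `done > ${TMP_DIR}/invalid_users.list` now writes. A fixed-string, whole-word count avoids that: `num=$(grep -wF -- "$iu" "$AUTHLOG" | grep -c 'Invalid user')`, with the same change for `$fp`. The `<name>` part of `Invalid user <name> from <addr>` is client-supplied, so the greedy `sed -n "s/.*Invalid user .* from //p"` extraction presumably should key on the address field itself rather than on the last ` from ` in the line — confirm against the sshd log format in use. Since both list files are now rebuilt from scratch each run, a comment on the redirect such as `# Rebuilt on every run; previous offenders are not carried over` would make the intent of this commit explicit to the next reader.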
@@ -63,5 +61,9 @@ for IP in `grep -v -f ${TMP_DIR}/blockers.list $NEW_BLOCKERS_FILE`; do
rm -f $HOST_FILE $WHOIS_FILE $LOGIN_FILE
done
+# Flush entries older than a week
+pfctl -t kiddies -T expire 25200 1>/dev/null 2>&1
+
+# Add new entries
mv $NEW_BLOCKERS_FILE ${TMP_DIR}/blockers.list
-(pfctl -t kiddies -vTadd -f ${TMP_DIR}/blockers.list 2>&1 1>/dev/null | grep -v "^0" || true) > /dev/null
+pfctl -t kiddies -vTadd -f ${TMP_DIR}/blockers.list 1>/dev/null 2>&1
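Review bot: The comment `# Flush entries older than a week` does not match the value on the following line: `pfctl -T expire` takes seconds and 25200 is seven hours, so entries are dropped after 7 h rather than 7 days; either use `pfctl -t kiddies -T expire 604800 1>/dev/null 2>&1` or change the comment to `# Flush entries older than seven hours`. Per pfctl(8), `expire` counts time since an entry's statistics were last cleared (time since insertion for entries never cleared), which is worth stating in the comment if counters are cleared elsewhere. Both pfctl invocations now discard stdout and stderr, so a missing `kiddies` table or a run without sufficient privilege fails silently; consider dropping the `2>&1` or appending `|| echo "pfctl failed" >&2` so the failure shows up in cron mail. The `mv` also runs before the add, so when `pfctl` fails the on-disk blockers.list no longer reflects what is actually in the table.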