#! /bin/bash
#
IP=`echo $* | sed ‘s/^.* from //’ | awk ‘{print $1}’ | sed ‘s/::ffff://’`
ATTEMPTS=`grep $IP /var/log/secure | grep “Failed password for” | wc -l`
if [ $ATTEMPTS -gt 2 ]
then
route add $IP lo
MINUTES=`expr $ATTEMPTS – 2`
echo “route del $IP lo 2> /dev/null” | at now +$MINUTES minutes 2>&1 > /tmp/.bad_user.$$
(hostname ; echo $* ; echo “IP=$IP” ; echo “ATTEMPTS=$ATTEMPTS” ;
echo “Blocking for $MINUTES minutes” ;
cat /tmp/.bad_user.$$ ) | Mail -s “bad user” root
fi
rm -f /tmp/.bad_user.$$
~
No user commented in " make it invisible to those ip.. "
Follow-up comment rss or Leave a TrackbackLeave A Reply
Allowed tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> <pre lang="" line="" escaped="" highlight="">