#! /bin/bash
#
IP=`echo $* | sed ‘s/^.* from //’ | awk ‘{print $1}’ | sed ‘s/::ffff://’`
ATTEMPTS=`grep $IP /var/log/secure | grep “Failed password for”  | wc -l`

if [ $ATTEMPTS -gt 2 ]
then
route add $IP lo
MINUTES=`expr $ATTEMPTS – 2`
echo “route del $IP lo 2> /dev/null” | at now +$MINUTES minutes 2>&1 > /tmp/.bad_user.$$
(hostname ; echo $* ; echo “IP=$IP” ; echo “ATTEMPTS=$ATTEMPTS” ;
echo “Blocking for $MINUTES minutes” ;
cat /tmp/.bad_user.$$ ) | Mail -s “bad user” root
fi

rm -f /tmp/.bad_user.$$
~

Related posts:

  1. Blocking access to certain website using route
  2. How to add route to VTUN that use PPP interface.
  3. Routing tutorial
  4. One Liner Tips : how to kill multiple process with just one line
  5. Geoserver and Java (JRE)