lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
This website is powered by Openwall GNU/*/Linux security-enhanced OS
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
Date: Thu Mar  2 15:43:32 2006
From: tastytastybeef at googlemail.com (Gary Leons)
Subject: reduction of brute force login attempts via
	SSHthrough iptables --hashlimit

On 3/2/06, GroundZero Security <fd@....org> wrote:
>
> After all it works. There are always more ways to do it, but if its -A1 or
> -1 really doesnt matter at all, its just you have to be pedantic over it i guess.
> Yep im not a bash guru maybe,but i really dont care much for optimization
> on a lame script like this as long as it WORKS and is not insecure.
                                                                      
           ^^^^^^^^^^^^^^^
HAH.

>
> If you really think it sucks sooo much that you cant take it, then before you reply to this mail now,
> go and optimize it and send your version to FD then you can be happy and feel superior :-)
>
> -sk

#!/bin/sh
for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n |
awk '{if ($1 >= 7) print $2}'`; do
    if ! grep -q "sshd: ${i}" /etc/hosts.deny; then
        printf "# %s\nsshd: %s\n" "`date`" "${i}" >> /etc/hosts.deny
    fi
done

5 lines, adds hosts with more than 7 failed logins to hosts.deny, run
it from cron.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux