Compare commits
5 Commits
Author | SHA1 | Date | |
---|---|---|---|
b21960b7bf | |||
191a0f0498 | |||
4b605439fa | |||
e271a5ee3d | |||
f9289e084c |
@ -1,37 +1,42 @@
|
|||||||
SSH Block 2
|
SSH Block 2
|
||||||
|
===========
|
||||||
|
|
||||||
I am glad to announce version 2 of the SSH Block script!
|
This is version 2 of my old SSH Block script.
|
||||||
Version two contains many improvments over the earlier versions.
|
|
||||||
|
|
||||||
A quick list with the best of version two:
|
A quick list of what has changed with version 2
|
||||||
|
-----------------------------------------------
|
||||||
- Total re-write of the code
|
- Total re-write of the code
|
||||||
- No more catting back and forth thruogh the script
|
- No more catting back and forth thruogh the script
|
||||||
- No more strange temp files in /Var/state/ssh_block
|
- No more strange temp files in /var/state/ssh\_block
|
||||||
- ONE scriptfile for all system (Linux, FreeBSD, Solaris and Mac OS X)
|
- ONE scriptfile for all system (Linux, FreeBSD, Solaris and Mac OS X)
|
||||||
- No more un-neccesary grepping. The script only "greps" if the size of the
|
- No more un-neccesary grepping. The script only "greps" if the size of the
|
||||||
log file has changed. This way it uses less system recuorces.
|
log file has changed. This way it uses less system recuorces.
|
||||||
- The blocked IP's are now inserted directly into hosts.deny
|
- The blocked IP's are now inserted directly into hosts.deny
|
||||||
|
|
||||||
|
History
|
||||||
|
-------
|
||||||
I came up with ideea of making a version two since I made the port to Solaris
|
I came up with ideea of making a version two since I made the port to Solaris
|
||||||
and Mac OS X. I liked the code that came out of these two ports. Later on I
|
and Mac OS X. I liked the code that came out of these two ports. Later on I
|
||||||
started thinking about what can be done about the script re-writing
|
started thinking about what can be done about the script re-writing
|
||||||
the hosts.deny file every 10 second. So for this I added the logfile size check.
|
the hosts.deny file every 10th second.
|
||||||
|
So for this I added the logfile size check.
|
||||||
And I didn't like having 4 diffrent versions (5 if you count the iptable
|
And I didn't like having 4 diffrent versions (5 if you count the iptable
|
||||||
version) of the script. So I made a "One for all" version.
|
version) of the script. So I made a "One for all" version.
|
||||||
|
|
||||||
I hope version two of SSH Block will be appreciated both among version one users
|
|
||||||
aswell as among new users.
|
|
||||||
|
|
||||||
Please drop me an e-mail with comments, bugs, improvments or just about
|
|
||||||
anything!
|
|
||||||
|
|
||||||
This is the new SSH Block, simply called sshblock2.
|
This is the new SSH Block, simply called sshblock2.
|
||||||
It sould run out of the box on FreeBSD, Mac OS X, Linux and Solaris, though
|
It sould run out of the box on FreeBSD, Mac OS X, Linux and Solaris, though
|
||||||
there are some extra steps to make it work with Solaris (since TCP Wrappers
|
there are some extra steps to make it work with Solaris (since TCP Wrappers
|
||||||
arn't enabled by default and no logging is done.)
|
arn't enabled by default and no logging is done.)
|
||||||
|
|
||||||
|
Usage
|
||||||
|
-----
|
||||||
|
Simply running the script as root should work out of the box. The script will
|
||||||
|
then search the logfiles and insert the IP-number of any offending host
|
||||||
|
(SSH-probing hosts) in your systems hosts.deny. Note that your system must
|
||||||
|
be using TCP Wrappers for this to work (most Linux systems do).
|
||||||
|
|
||||||
NOTE TO SOLARIS USERS
|
Note to Solaris users
|
||||||
|
---------------------
|
||||||
|
|
||||||
There are some things you have to do to your system before this script
|
There are some things you have to do to your system before this script
|
||||||
will acually work under Solaris.
|
will acually work under Solaris.
|
||||||
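Review bot: The new Usage section says the system "must be using TCP Wrappers" but gives no way to confirm that sshd on the target host actually honours /etc/hosts.deny; add a sentence telling the reader how to check, since without that the script would write entries that block nothing. While the README is being restructured, the misspellings carried over on the new side ("thruogh", "un-neccesary", "recuorces", "ideea", "diffrent", "sould", "arn't", "acually") could be fixed in the same change, and "every 10th second" would read more clearly as "every 10 seconds".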
@ -48,10 +53,10 @@ auth.info /var/log/authlog
|
|||||||
Now you can run the script (as root) and it will block IP numbers of probing
|
Now you can run the script (as root) and it will block IP numbers of probing
|
||||||
hosts. The scripts will add this hosts to your /etc/hosts.deny file like this:
|
hosts. The scripts will add this hosts to your /etc/hosts.deny file like this:
|
||||||
|
|
||||||
#BEGIN_SSHBLOCK
|
#BEGIN_SSHBLOCK
|
||||||
sshd : 192.168.0.1
|
sshd : 192.168.0.1
|
||||||
sshd : 10.0.0.3
|
sshd : 10.0.0.3
|
||||||
#END_SSHBLOCK
|
#END_SSHBLOCK
|
||||||
|
|
||||||
I would recommend to backup your /etc/hosts.deny and your /etc/syslog.conf
|
I would recommend to backup your /etc/hosts.deny and your /etc/syslog.conf
|
||||||
before making changes and running the script.
|
before making changes and running the script.
|
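Review bot: The hosts.deny example between #BEGIN_SSHBLOCK and #END_SSHBLOCK is followed only by the advice to back up the file; the README should also say how to remove an address that was blocked by mistake, for instance whether a line deleted by hand inside the markers stays deleted on the next run. In the sentence above the example, "The scripts will add this hosts" should read "The script will add these hosts".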
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
################################################################################
|
################################################################################
|
||||||
# #
|
# #
|
||||||
# Copyright (C) 2006 Jack-Benny Persson <jake@cyberinfo.se> #
|
# Copyright (C) 2006-2013 Jack-Benny Persson <jack-benny@cyberinfo.se> #
|
||||||
# #
|
# #
|
||||||
# This program is free software; you can redistribute it and/or modify #
|
# This program is free software; you can redistribute it and/or modify #
|
||||||
# it under the terms of the GNU General Public License as published by #
|
# it under the terms of the GNU General Public License as published by #
|
||||||
@ -20,7 +20,7 @@
|
|||||||
# #
|
# #
|
||||||
################################################################################
|
################################################################################
|
||||||
|
|
||||||
# Version 2.3
|
# Version 2.4
|
||||||
#
|
#
|
||||||
# SSH Block 2 - A script that blocks SSH probing hosts in /etc/hosts.deny
|
# SSH Block 2 - A script that blocks SSH probing hosts in /etc/hosts.deny
|
||||||
# This is version two of SSH Block, wich is a total re-write of the original
|
# This is version two of SSH Block, wich is a total re-write of the original
|
||||||
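Review bot: The header goes from "# Version 2.3" to "# Version 2.4" with no line saying what 2.4 changes; add a short changelog entry here or in the README, since the only functional change visible in this diff is the /var/log/auth.log branch in Linux_size(). In the context line below the version, "wich" should be "which".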
@ -155,6 +155,8 @@ Linux_size()
|
|||||||
B=`ls -l /var/log/messages | awk '{print $5}'`
|
B=`ls -l /var/log/messages | awk '{print $5}'`
|
||||||
let C=A+B
|
let C=A+B
|
||||||
echo $C
|
echo $C
|
||||||
|
elif [ -e /var/log/auth.log ]; then
|
||||||
|
ls -l /var/log/auth.log | awk '{print $5}'
|
||||||
elif [ -e /var/log/secure ]; then
|
elif [ -e /var/log/secure ]; then
|
||||||
ls -l /var/log/secure | awk '{print $5}'
|
ls -l /var/log/secure | awk '{print $5}'
|
||||||
elif [ -e /var/log/messages ]; then
|
elif [ -e /var/log/messages ]; then
|
||||||
|
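Review bot: The new `elif [ -e /var/log/auth.log ]` branch in Linux_size() only reports the size of auth.log, and nothing in this diff shows the log-scanning code being taught to read that file; please confirm the function that greps for failed logins also covers /var/log/auth.log, otherwise a size change will trigger a scan of a log that is never read. The branch is also placed ahead of the /var/log/secure and /var/log/messages checks, so on a host that has both auth.log and messages only auth.log is measured, unlike the first branch which sums two files with `let C=A+B`; say in a comment whether that is intended. Reading the size with `wc -c < /var/log/auth.log` would avoid depending on the column layout of `ls -l`, though that applies to the existing branches as well.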