Indented hosts.deny example lines

README.md

@@ -1,37 +1,42 @@
 SSH Block 2
+===========
 
-I am glad to announce version 2 of the SSH Block script!
-Version two contains many improvments over the earlier versions.
+This is version 2 of my old SSH Block script.
 
-A quick list with the best of version two:
+A quick list of what has changed with version 2
+-----------------------------------------------
 - Total re-write of the code
 - No more catting back and forth thruogh the script
-- No more strange temp files in /Var/state/ssh_block
+- No more strange temp files in /var/state/ssh\_block
 - ONE scriptfile for all system (Linux, FreeBSD, Solaris and Mac OS X)
 - No more un-neccesary grepping. The script only "greps" if the size of the
 log file has changed. This way it uses less system recuorces.
 - The blocked IP's are now inserted directly into hosts.deny
 
+History
+-------
 I came up with ideea of making a version two since I made the port to Solaris
 and Mac OS X. I liked the code that came out of these two ports. Later on I
 started thinking about what can be done about the script re-writing 
-the hosts.deny file every 10 second. So for this I added the logfile size check.
+the hosts.deny file every 10th second. 
+So for this I added the logfile size check.
 And I didn't like having 4 diffrent versions (5 if you count the iptable 
 version) of the script. So I made a "One for all" version.
 
-I hope version two of SSH Block will be appreciated both among version one users
-aswell as among new users.
-
-Please drop me an e-mail with comments, bugs, improvments or just about 
-anything!
-
 This is the new SSH Block, simply called sshblock2.
 It sould run out of the box on FreeBSD, Mac OS X, Linux and Solaris, though
 there are some extra steps to make it work with Solaris (since TCP Wrappers
 arn't enabled by default and no logging is done.)
 
+Usage
+-----
+Simply running the script as root should work out of the box. The script will
+then search the logfiles and insert the IP-number of any offending host
+(SSH-probing hosts) in your systems hosts.deny. Note that your system must
+be using TCP Wrappers for this to work (most Linux systems do).
 
-NOTE TO SOLARIS USERS
+Note to Solaris users
+---------------------
 
 There are some things you have to do to your system before this script
 will acually work under Solaris.

sshblock2.sh

@@ -2,7 +2,7 @@
 
 ################################################################################
 #                                                                              #
-#  Copyright (C) 2006 Jack-Benny Persson <jake@cyberinfo.se>                   #
+#  Copyright (C) 2006-2013 Jack-Benny Persson <jack-benny@cyberinfo.se>        #
 #                                                                              #
 #   This program is free software; you can redistribute it and/or modify       #
 #   it under the terms of the GNU General Public License as published by       #
@@ -20,7 +20,7 @@
 #                                                                              #
 ################################################################################
 
-# Version 2.3
+# Version 2.4
 #
 # SSH Block 2 - A script that blocks SSH probing hosts in /etc/hosts.deny
 # This is version two of SSH Block, wich is a total re-write of the original
@@ -155,6 +155,8 @@ Linux_size()
                 B=`ls -l /var/log/messages | awk '{print $5}'`
                 let C=A+B
                 echo $C
+	elif [ -e /var/log/auth.log ]; then
+		ls -l /var/log/auth.log | awk '{print $5}'
         elif [ -e /var/log/secure ]; then
                 ls -l /var/log/secure | awk '{print $5}'
         elif [ -e /var/log/messages ]; then