SSH ochrana před roboty: Porovnání verzí
Z Wiki UnArt Slavičín
Skočit na navigaciSkočit na vyhledávání
Bez shrnutí editace |
Bez shrnutí editace |
||
| Řádek 25: | Řádek 25: | ||
POCET=`cat /$DIR/auth/$FILE |grep $IP |wc -l |awk '{print $1}'`; | POCET=`cat /$DIR/auth/$FILE |grep $IP |wc -l |awk '{print $1}'`; | ||
if [ $POCET -gt $POKUS ] ; then | if [ $POCET -gt $POKUS ] ; then | ||
iptables -A INPUT -s $IP -j DROP | |||
ATTACK=1 | |||
fi | |||
done | done | ||
#mail | #mail | ||
cat /$DIR/auth/tmp |mail -s "Blokovane IP" $EMAIL | if [ $ATTACK -eq 1 ] ; then | ||
cat /$DIR/auth/tmp |mail -s "Blokovane IP" $EMAIL | |||
fi | |||
Verze z 10. 5. 2008, 19:32
#!/bin/bash
DIR="var/log"
DAY=`date |awk '{print $1}'`
FILE="auth_$DAY.log"
EMAIL="muj@mail.cz"
POKUS=10
# uklid na zacatek
rm -f /$DIR/auth/$FILE
touch /$DIR/auth/tmp
# zaloha auth.log
cat /$DIR/auth.log >> /$DIR/auth/$FILE
#rm -f /$DIR/auth.log
#touch /$DIR/auth.log
# unikatni IP ze souboru + pridani do block_ip
grep "Invalid user" /$DIR/auth/$FILE |awk '{print $10}' |uniq > /$DIR/auth/tmp;
cat /$DIR/auth/tmp >> /$DIR/auth/block_ip
# blokovani nalezenych IP
SIZE=`wc -l /$DIR/auth/tmp |awk '{print $1}'`;
SIZE=`expr $SIZE + 1`;
I=1
while test $I -lt $SIZE
do
IP=`sed -n "$I"p /$DIR/auth/tmp`;
I=`expr $I + 1`;
POCET=`cat /$DIR/auth/$FILE |grep $IP |wc -l |awk '{print $1}'`;
if [ $POCET -gt $POKUS ] ; then
iptables -A INPUT -s $IP -j DROP
ATTACK=1
fi
done
#mail
if [ $ATTACK -eq 1 ] ; then
cat /$DIR/auth/tmp |mail -s "Blokovane IP" $EMAIL
fi
