Re: [Full-disclosure] reduction of brute force login attempts via SSHthrough iptables --hashlimit

On 3/2/06, GroundZero Security <fd@xxxxxxx> wrote:

After all it works. There are always more ways to do it, but if its -A1 or
-1 really doesnt matter at all, its just you have to be pedantic over it i guess.
Yep im not a bash guru maybe,but i really dont care much for optimization
on a lame script like this as long as it WORKS and is not insecure.

^^^^^^^^^^^^^^^
HAH.


If you really think it sucks sooo much that you cant take it, then before you reply to this mail now,
go and optimize it and send your version to FD then you can be happy and feel superior :-)

-sk

#!/bin/sh
for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n |
awk '{if ($1 >= 7) print $2}'`; do
if ! grep -q "sshd: ${i}" /etc/hosts.deny; then
printf "# %s\nsshd: %s\n" "`date`" "${i}" >> /etc/hosts.deny
fi
done

5 lines, adds hosts with more than 7 failed logins to hosts.deny, run
it from cron.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/