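#!/usr/bin/env bash
#
# Scans the sshd log for failed password attempts and collects the source
# address of each repeated failure. For every address not reported before, it
# looks up the abuse contact of the owning network with whois_psad and mails
# the matching log lines to the admin and, when one is found, to that abuse
# contact.
#
# Jackie Craig Sparks jackie.craig.sparks@gmail.com - feel free to contact me
# anytime through email or gtalk!
# Visit my websites and like them on Facebook:
# http://www.phonesnake.com http://www.communicationslibrary.info
#
# Needs: bash 4+, awk, grep, sort, mktemp, mail, whois_psad.

set -u

readonly securelog="/var/log/secure"
readonly emails="csparks@acho-hosting.com" # space-separated admin recipients
readonly logdir="/var/log/"
readonly log="bruteforceip"
readonly seen_file="${logdir}${log}" # one already-reported address per line
readonly min_failures=2              # failures needed before an address is reported

# The report body goes to a private temp file rather than a fixed name in the
# current directory, and is removed on every exit path.
report=$(mktemp) || {
  printf 'cannot create temporary report file\n' >&2
  exit 1
}
trap 'rm -f -- "$report"' EXIT

# The user name in a "Failed password" line is supplied by the remote client,
# so a fixed field number from the start of the line is not reliable (it also
# shifts by two for "invalid user" lines). Fields are counted from the end
# instead, where sshd itself writes "from ADDR port N ssh2".
# NOTE(review): assumes the classic "... from ADDR port N ssh2" suffix - confirm
# against the sshd version in use.
offender_list=$(
  awk -v min="$min_failures" '
    /Failed password for / && NF >= 5 && $(NF-4) == "from" && $(NF-2) == "port" {
      hits[$(NF-3)]++
    }
    END {
      for (addr in hits) {
        if (hits[addr] >= min) {
          print addr
        }
      }
    }
  ' "$securelog"
) || {
  printf 'cannot read %s\n' "$securelog" >&2
  exit 1
}

mapfile -t offenders <<< "$offender_list"
read -r -a admins <<< "$emails"

for ip in "${offenders[@]}"; do
  # Only a plain dotted quad is allowed to reach grep, whois_psad and the mail
  # subject; anything else (including IPv6 and the empty entry produced when
  # no offender was found) is skipped.
  [[ $ip =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]] || continue

  # Skip addresses that were reported on an earlier run.
  if [[ -f $seen_file ]] && grep -Fxq -- "$ip" "$seen_file"; then
    continue
  fi

  # Recorded before any mail is sent, so a failing mail command cannot cause
  # the same external abuse contact to be mailed again on every run.
  printf '%s\n' "$ip" >> "$seen_file"

  # -F: the dots are literal; -w: 1.2.3.4 must not match 11.2.3.45.
  logentries=$(grep -Fw -- "$ip" "$securelog")
  contactinfo=$(whois_psad "$ip")

  # whois output is remote, untrusted text. Only addresses that begin with an
  # alphanumeric character are accepted, so nothing taken from it can be read
  # by mail as an option.
  abuseemail=$(
    printf '%s\n' "$contactinfo" \
      | grep 'abuse' \
      | grep -o -E '[[:alnum:]][[:alnum:]+._-]*@[[:alnum:]][[:alnum:].-]*' \
      | sort -u
  )

  subject="SSH BRUTE FORCE ${ip}"
  printf 'ip: %s %s %s\n' "$ip" "$contactinfo" "$logentries" > "$report"

  # Mail the abuse contacts only when at least one was found.
  if [[ -n $abuseemail ]]; then
    printf '%s\n' "$abuseemail" >> "$report"
    mapfile -t contacts <<< "$abuseemail"
    for contact in "${contacts[@]}"; do
      mail -s "$subject" "$contact" < "$report" \
        || printf 'mail to %s failed\n' "$contact" >&2
    done
    subject="${subject} EMAIL sent to abuse at host"
  fi

  # Always mail the local admins.
  for admin in "${admins[@]}"; do
    mail -s "$subject" "$admin" < "$report" \
      || printf 'mail to %s failed\n' "$admin" >&2
  done
done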