Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- #miniban.sh - ser ettter system authorisation events relating to SSH og
- #failed passwords
- ###############################
- LOGFILE=/var/log/auth.log #filen vi skal overvåke
- IPFILE=ip.log #filen vi skal lagre IP'ene i
- #tømmer IP-filen når scriptet starter, så vi starter med tom hver gang:
- cp /dev/null ${IPFILE}
- #definere array
- declare -A ips
- #For hver linje i LOGFILE, extract de angripende IP adressene
- tail -n0 -F ${LOGFILE} | \ #kontiunerlig overvåking
- while read LINE
- do
- echo $LINE | grep "Failed password" | awk -F" from " '{print $2}' | awk '{print $1}' >> ${IPFILE}
- IP=$(sort ${IPFILE} | uniq -c | awk '{print $2}') #ip adressen
- ANTALL=$(sort ${IPFILE} | uniq -c | awk '{print $1}') #antallforsøk
- #istedet for det vi gjorde tidligere, lagre IP'en associative array
- #hver gang vi finner en ip med feil, øke antall forsøk i arrayen
- ips[$IP]=$(( ANTALL ))
- #om det oppfyller krav kjør
- #./ban.sh
- if [ ${ips[$IP]} -ge 3]; then
- echo "Blocking IP: $IP"
- ips[$IP]=0
- #ban IP:
- #./ban.sh
- fi
- done
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement