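#!/usr/bin/python
"""Ban hosts with too many PAM authentication failures via iptables.

The script counts "rhost=" entries on PAM failure lines in the auth log and
appends a DROP rule for every source whose count exceeds ``failLimit``.

Security notes for operators:

* Everything read from the log is attacker-influenced text.  It is never
  passed through a shell, and only a value that parses as a dotted-quad IPv4
  address is handed to iptables.
* When the log holds a hostname instead of an address, the banned address
  comes from a DNS lookup, so whoever controls that name's DNS decides which
  address is banned.  Keep your own management addresses in ``ignoredIPs``.
* The rules are appended to the user-defined chain ``bannedChain``.  This
  script does not add a jump to that chain; the rules only take effect if a
  built-in chain (for example INPUT) already jumps to it -- verify on the host.
* The rules are not persisted by this script and are never expired.
"""
import collections
import io
import os
import re
import socket
import subprocess

bannedHosts = []
failedHosts = []  # not used anywhere in this script
ignoredIPs = []  # addresses that must never be banned
failLimit = 0  # Better change this: with 0 a single failure triggers a ban
bannedChain = "Hackor"
logPath = "/var/log/secure"

# Conservative shape of a hostname or address literal; anything else in the
# rhost field is treated as log noise and never reaches DNS or iptables.
hostPattern = re.compile(r"[A-Za-z0-9._:-]+\Z")


def is_ipv4_address(value):
    """Return True only if *value* is a strict dotted-quad IPv4 address."""
    try:
        socket.inet_pton(socket.AF_INET, value)
    except (socket.error, ValueError, TypeError):
        return False
    return True


def count_failures(log_lines):
    """Count PAM failure lines per remote host.

    A line counts when it contains both "failure" and "pam" and carries a
    non-empty ``rhost=`` value.  Counts are totals over the whole input, so
    interleaved attempts from the same host are added together (the previous
    ``uniq --count`` without ``sort`` only counted consecutive lines).

    Returns a ``collections.Counter`` mapping host text to failure count.
    """
    counts = collections.Counter()
    for line in log_lines:
        if "failure" not in line or "pam" not in line:
            continue
        _, marker, rest = line.partition("rhost=")
        if not marker:
            continue
        tokens = rest.split(None, 1)
        # "rhost= user=x" has an empty rhost; do not mistake the next field
        # for a host name.
        if not tokens or rest[0].isspace():
            continue
        host = tokens[0]
        if hostPattern.match(host):
            counts[host] += 1
    return counts


def parse_banned_sources(listing_lines):
    """Extract the source column from ``iptables --list CHAIN -n`` output."""
    sources = []
    for line in listing_lines:
        fields = line.split()
        # Skip blank lines, the "Chain ..." banner and the column header.
        if len(fields) < 4 or fields[0] in ("Chain", "target"):
            continue
        sources.append(fields[3])
    return sources


def resolve_ip(host):
    """Return the address to act on for *host*.

    An IPv4 literal is returned unchanged without touching DNS.  Any other
    value is resolved; if resolution fails the input is returned as-is and is
    rejected later by the address check before it can reach iptables.
    """
    if is_ipv4_address(host):
        return host
    try:
        return socket.gethostbyaddr(host)[2][0]
    except (socket.error, IndexError):
        return host


def main():
    """Load the current bans, scan the log and ban hosts over the limit."""
    # Create the chain if it does not exist yet; failure (already exists)
    # is expected and silenced.
    with open(os.devnull, "w") as sink:
        subprocess.call(["iptables", "-N", bannedChain],
                        stdout=sink, stderr=sink)

    listing = subprocess.Popen(["iptables", "--list", bannedChain, "-n"],
                               stdout=subprocess.PIPE,
                               universal_newlines=True)
    output = listing.communicate()[0]
    bannedHosts.extend(parse_banned_sources(output.splitlines()))

    try:
        with io.open(logPath, encoding="utf-8", errors="replace") as log:
            failures = count_failures(log)
    except (IOError, OSError) as err:
        print("cannot read %s: %s" % (logPath, err))
        return

    for host, number in failures.items():
        ip = resolve_ip(host)
        if number > failLimit:
            print("%s is currently over fail limit, processing" % (ip))
            if ip in bannedHosts:
                print("%s is allready banned, ignoring" % (ip))
                continue
            if ip in ignoredIPs:
                print("%s is an ingored ip, ignoring" % (ip))
                continue
            if not is_ipv4_address(ip):
                # Unresolvable names and IPv6 addresses cannot be used as an
                # iptables source here; never pass them on.
                print("%s is not an IPv4 address, skipping" % (ip))
                continue
            print("%s not allready banned, banning for %s failed attempts" % (host, number))
            # Argument list, no shell: the address is a single argv entry.
            status = subprocess.call(
                ["iptables", "-A", bannedChain, "-s", ip, "-j", "DROP"])
            if status == 0:
                # Avoid a duplicate rule if another name maps to this address.
                bannedHosts.append(ip)
            else:
                print("iptables failed for %s (exit status %s)" % (ip, status))
        else:
            print("%s is currently under fail limit, ignoring" % (host))


if __name__ == "__main__":
    main()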