GithubHelp home page GithubHelp logo

sshblock2's Introduction

SSH Block 2

This is version 2 of my old SSH Block script.

A quick list of what has changed with version 2

  • Total re-write of the code
  • No more catting back and forth thruogh the script
  • No more strange temp files in /var/state/ssh_block
  • ONE scriptfile for all system (Linux, FreeBSD, Solaris and Mac OS X)
  • No more un-neccesary grepping. The script only "greps" if the size of the log file has changed. This way it uses less system recuorces.
  • The blocked IP's are now inserted directly into hosts.deny

History

I came up with ideea of making a version two since I made the port to Solaris and Mac OS X. I liked the code that came out of these two ports. Later on I started thinking about what can be done about the script re-writing the hosts.deny file every 10th second. So for this I added the logfile size check. And I didn't like having 4 diffrent versions (5 if you count the iptable version) of the script. So I made a "One for all" version.

This is the new SSH Block, simply called sshblock2. It sould run out of the box on FreeBSD, Mac OS X, Linux and Solaris, though there are some extra steps to make it work with Solaris (since TCP Wrappers arn't enabled by default and no logging is done.)

Usage

Simply running the script as root should work out of the box. The script will then search the logfiles and insert the IP-number of any offending host (SSH-probing hosts) in your systems hosts.deny. Note that your system must be using TCP Wrappers for this to work (most Linux systems do).

Note to Solaris users

There are some things you have to do to your system before this script will acually work under Solaris. To start with, TCP Wrappers is not enabled by default on Solaris 10. How to enable TCP Wrappers and some info about it can be found here: http://www.sun.com/bigadmin/content/submitted/tcp_wrap_solaris10.html

Second, you have to enable syslog logging of the ssh daemon. This is done by editing /etc/syslog.conf. Adding the following line will have sshd logging to /var/log/authlog

auth.info /var/log/authlog

Now you can run the script (as root) and it will block IP numbers of probing hosts. The scripts will add this hosts to your /etc/hosts.deny file like this:

#BEGIN_SSHBLOCK
sshd : 192.168.0.1
sshd : 10.0.0.3
#END_SSHBLOCK

I would recommend to backup your /etc/hosts.deny and your /etc/syslog.conf before making changes and running the script.

sshblock2's People

Contributors

jackbenny avatar

Stargazers

JMV avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.