
May 18th, 2007

12:30 pm
SSHD Attacks

So I was looking around for scripts which will automagically ban an IP address if it sees that there are too many login attempts.

A simple script (dangerous, because it can just as easily ban the address you are logged in from) is:

#!/bin/bash
# Ban every source address that appears in a "Failed password" line, except
# lines that mention one of the listed legitimate users. Note that a single
# failure is enough to be banned, and nothing here stops it banning you.
export PATH=/usr/bin:/bin:/usr/sbin:/sbin:$PATH

for IP in `grep 'Failed password' /var/log/secure | egrep -v 'validuser1|validuser2|validuser3' | perl -n -e 'm/([0-9]*\.[0-9]*\.[0-9]*\.[0-9]*)/; print "$1\n"' | sort | uniq`;
do
    # Skip addresses that already have a DROP rule. grep -x forces a whole-line
    # match, so an existing ban on 1.2.3.45 does not hide a missing one on 1.2.3.4.
    IPEXISTS=`/sbin/iptables -L -n | grep DROP | awk '{print $4}' | grep -x $IP | wc -l`
    if [ "$IPEXISTS" = "0" ]; then
        iptables -I INPUT -s $IP -j DROP
    fi
done

And now I found DenyHosts: http://denyhosts.sourceforge.net/. It works on /etc/hosts.deny, but I really want iptables to block the address. For that you can use the PLUGIN_DENY/PLUGIN_PURGE feature: if set, each of these values should point to an executable program that DenyHosts invokes when a host is added to hosts.deny (PLUGIN_DENY) or purged from it (PLUGIN_PURGE).
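Here is an added example of my own (not code from the post above and not part of DenyHosts) that ties the two halves together: `offenders` is the log-scanning logic of the first script with a failure threshold, a user whitelist and an address whitelist so it cannot ban you, and `ban_ip` is an idempotent iptables ban that validates its argument before passing it to iptables and matches existing rules on the whole address. `ban_ip` is written to be usable as a PLUGIN_DENY target; DenyHosts passes the denied host as the only argument to that program (confirm against the PLUGIN_DENY comment in your denyhosts.cfg). The threshold, the whitelists, the `IPTABLES` override and the sample log lines in the usage notes are my assumptions for the demo.

```shell
#!/bin/bash
# Added example, not from the original post or from DenyHosts.
#   offenders - reads sshd log lines on stdin, prints each source address with
#               at least THRESHOLD "Failed password" lines, ignoring whitelisted
#               users and addresses
#   ban_ip    - adds a single iptables DROP for one address, exactly once; can be
#               installed as a DenyHosts PLUGIN_DENY script (host arrives as $1)
# Assumed settings; override them from the environment.
IPTABLES=${IPTABLES:-/sbin/iptables}             # point at a stub when testing
THRESHOLD=${THRESHOLD:-5}
WHITELIST_USERS=${WHITELIST_USERS:-"validuser1 validuser2 validuser3"}
WHITELIST_IPS=${WHITELIST_IPS:-"192.0.2.10"}    # assumed admin address, never banned

# True if $1 is a well-formed dotted-quad IPv4 address (each octet 0-255).
# Anything else (hostnames, shell metacharacters from a forged log line) is
# refused rather than handed to iptables.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for oct in $(echo "$1" | tr . ' '); do
        [ "$oct" -le 255 ] || return 1
    done
}

# True if word $1 occurs in the space-separated list $2.
in_list() {
    case " $2 " in
        *" $1 "*) return 0 ;;
    esac
    return 1
}

# stdin: /var/log/secure style lines. stdout: one offending address per line.
# Handles both "Failed password for root from A.B.C.D port N ssh2" and
# "Failed password for invalid user X from A.B.C.D port N ssh2".
offenders() {
    grep 'Failed password' \
    | sed -n 's/.*for \(invalid user \)*\([^ ]*\) from \([0-9.]*\) port.*/\2 \3/p' \
    | while read -r user ip; do
          in_list "$user" "$WHITELIST_USERS" && continue
          in_list "$ip" "$WHITELIST_IPS" && continue
          valid_ipv4 "$ip" || continue
          echo "$ip"
      done \
    | sort | uniq -c | awk -v t="$THRESHOLD" '$1 >= t { print $2 }'
}

# Ban one address. Returns 0 if it is (or already was) blocked, 2 for a
# malformed address, 3 for a whitelisted one. Existing DROP rules are matched
# on the whole address (grep -x) so 10.0.0.1 never "finds" 10.0.0.10.
ban_ip() {
    ip=$1
    valid_ipv4 "$ip" || { echo "refusing to ban malformed address '$ip'" >&2; return 2; }
    in_list "$ip" "$WHITELIST_IPS" && { echo "refusing to ban whitelisted $ip" >&2; return 3; }
    if "$IPTABLES" -L INPUT -n | awk '$1 == "DROP" { print $4 }' | grep -qx "$ip"; then
        return 0                                  # already blocked
    fi
    "$IPTABLES" -I INPUT -s "$ip" -j DROP
}

# Invoked by DenyHosts as PLUGIN_DENY: the host to deny is the only argument.
if [ $# -gt 0 ]; then
    ban_ip "$1"
fi
```

Run by hand as `offenders < /var/log/secure | while read ip; do ban_ip "$ip"; done` to replace the first script, or install the file as the PLUGIN_DENY program so DenyHosts calls `ban_ip` for each host it adds to hosts.deny. A matching PLUGIN_PURGE script would run `iptables -D INPUT -s "$1" -j DROP`, again after `valid_ipv4`, so that purged hosts also leave the firewall.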