author | root <root@pompom.softgrouphosting.net> | 2009-11-21 21:21:04 -0500 |
---|---|---|
committer | root <root@pompom.softgrouphosting.net> | 2009-11-21 21:21:04 -0500 |
commit | 583405ab5f7666435d006db0c81567e2a938225b (patch) | |
tree | 5621081ffa597be96e4d174fb1614301ca51884a | |
parent | 5f73cc6cde571cd52f317d56fb1087169ebea7e0 (diff) | |
Updated filterwall to do IP purging
-rwxr-xr-x | filterwall.sh | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/filterwall.sh b/filterwall.sh index deba71f..5c47a48 100755 --- a/filterwall.sh +++ b/filterwall.sh | |||
@@ -11,16 +11,24 @@ | |||
11 | 11 | ||
12 | BLOCK_FILE=/etc/firewall/blocked-ips | 12 | BLOCK_FILE=/etc/firewall/blocked-ips |
13 | 13 | ||
14 | # Purge the block file at the first hour of the first day of the | ||
15 | # month to prevent stale IPs from sitting in the block file. | ||
16 | if (( $(date +%d) == 1 )); then | ||
17 | if (( $(date +%H) == 0 )); then | ||
18 | echo > $BLOCK_FILE | ||
19 | fi | ||
20 | fi | ||
21 | |||
14 | # Filter SSHD Abusers | 22 | # Filter SSHD Abusers |
15 | egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \ | 23 | egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \ |
16 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ | 24 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ |
17 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ | 25 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ |
18 | >> $BLOCK_FILE | 26 | >> $BLOCK_FILE |
19 | 27 | ||
20 | # Filter FTP Abusers | 28 | # Filter FTP Abusers |
21 | grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \ | 29 | grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \ |
22 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ | 30 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ |
23 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ | 31 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ |
24 | >> $BLOCK_FILE | 32 | >> $BLOCK_FILE |
25 | 33 | ||
26 | # De-dup the filter file. | 34 | # De-dup the filter file. |