diff options
| -rwxr-xr-x | filterwall.sh | 16 |
1 files changed, 12 insertions, 4 deletions
diff --git a/filterwall.sh b/filterwall.sh index deba71f..5c47a48 100755 --- a/filterwall.sh +++ b/filterwall.sh | |||
| @@ -11,16 +11,24 @@ | |||
| 11 | 11 | ||
| 12 | BLOCK_FILE=/etc/firewall/blocked-ips | 12 | BLOCK_FILE=/etc/firewall/blocked-ips |
| 13 | 13 | ||
| 14 | # Purge the block file at the first hour of the first day of the | ||
| 15 | # month to prevent stale IPs from sitting in the block file. | ||
| 16 | if (( $(date +%d) == 1 )); then | ||
| 17 | if (( $(date +%H) == 0 )); then | ||
| 18 | echo > $BLOCK_FILE | ||
| 19 | fi | ||
| 20 | fi | ||
| 21 | |||
| 14 | # Filter SSHD Abusers | 22 | # Filter SSHD Abusers |
| 15 | egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \ | 23 | egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \ |
| 16 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ | 24 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ |
| 17 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ | 25 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ |
| 18 | >> $BLOCK_FILE | 26 | >> $BLOCK_FILE |
| 19 | 27 | ||
| 20 | # Filter FTP Abusers | 28 | # Filter FTP Abusers |
| 21 | grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \ | 29 | grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \ |
| 22 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ | 30 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ |
| 23 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ | 31 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ |
| 24 | >> $BLOCK_FILE | 32 | >> $BLOCK_FILE |
| 25 | 33 | ||
| 26 | # De-dup the filter file. | 34 | # De-dup the filter file. |