Diffstat (limited to 'filterwall.sh')
-rwxr-xr-x | filterwall.sh | 31 |
1 files changed, 31 insertions, 0 deletions
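diff --git a/filterwall.sh b/filterwall.sh
new file mode 100755
index 0000000..deba71f
--- /dev/null
+++ b/filterwall.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Log Filter/Firewall Generator
+# by Mike Crute (mcrute@gmail.com)
+# on November 20, 2009
+#
+# Script to scrape over logfiles and generate blocked-ip
+# list for people abusing machine services. This is designed
+# to be run as a cron.
+#
+
+BLOCK_FILE=/etc/firewall/blocked-ips
+
+# Filter SSHD Abusers
+egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \
+egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
+awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
+>> $BLOCK_FILE
+
+# Filter FTP Abusers
+grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \
+egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \
+awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \
+>> $BLOCK_FILE
+
+# De-dup the filter file.
+cat $BLOCK_FILE | sort -u > $BLOCK_FILE.tmp
+mv $BLOCK_FILE.tmp $BLOCK_FILE
+
+# Refresh the firewall
+/root/bin/firewall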
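Review bot: The `egrep -o` stages on lines 16 and 22 of the new file take every dotted quad found in a matching log line, and the login name in those lines is chosen by the remote client, so a failed login whose user name looks like an IP address is counted as well and can get an unrelated host (or the administrator's own) appended to /etc/firewall/blocked-ips. The extraction should be tied to the peer-address field instead, for sshd e.g. `sed -nE 's/.* from ([0-9]{1,3}(\.[0-9]{1,3}){3}) port [0-9]+ ssh2$/\1/p'` and for vsftpd something like `sed -nE 's/.*FAIL LOGIN: Client "([0-9.]+)"$/\1/p'`; the exact log layout should be checked against the installed daemons. An allowlist of addresses that must never be blocked would be worth applying before the append, since the counts are taken over the whole log on every cron run and entries are never expired. `$BLOCK_FILE` is also unquoted throughout, and the `mv` on line 28 runs even when `sort` failed, which would replace the list with a truncated file; `sort -u -o "$BLOCK_FILE" "$BLOCK_FILE"` does the de-dup without the temp file.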