diff options
Diffstat (limited to 'filterwall.sh')
| -rwxr-xr-x | filterwall.sh | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/filterwall.sh b/filterwall.sh new file mode 100755 index 0000000..deba71f --- /dev/null +++ b/filterwall.sh | |||
| @@ -0,0 +1,31 @@ | |||
| 1 | #!/bin/bash | ||
| 2 | # | ||
| 3 | # Log Filter/Firewall Generator | ||
| 4 | # by Mike Crute (mcrute@gmail.com) | ||
| 5 | # on November 20, 2009 | ||
| 6 | # | ||
| 7 | # Script to scrape over logfiles and generate blocked-ip | ||
| 8 | # list for people abusing machine services. This is designed | ||
| 9 | # to be run as a cron. | ||
| 10 | # | ||
| 11 | |||
| 12 | BLOCK_FILE=/etc/firewall/blocked-ips | ||
| 13 | |||
| 14 | # Filter SSHD Abusers | ||
| 15 | egrep "sshd\[[0-9]+\]: Failed password for" /var/log/auth.log | \ | ||
| 16 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ | ||
| 17 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ | ||
| 18 | >> $BLOCK_FILE | ||
| 19 | |||
| 20 | # Filter FTP Abusers | ||
| 21 | grep 'FAIL LOGIN: Client' /var/log/vsftpd.log | \ | ||
| 22 | egrep -o '([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})' | \ | ||
| 23 | awk '{ a[$1]++ } END { for (i in a) { if (a[i] > 10) { print i }}}' \ | ||
| 24 | >> $BLOCK_FILE | ||
| 25 | |||
| 26 | # De-dup the filter file. | ||
| 27 | cat $BLOCK_FILE | sort -u > $BLOCK_FILE.tmp | ||
| 28 | mv $BLOCK_FILE.tmp $BLOCK_FILE | ||
| 29 | |||
| 30 | # Refresh the firewall | ||
| 31 | /root/bin/firewall | ||