make it invisible to those ip..

#! /bin/bash
#
IP=`echo $* | sed ‘s/^.* from //’ | awk ‘{print $1}’ | sed ‘s/::ffff://’`
ATTEMPTS=`grep $IP /var/log/secure | grep “Failed password for”  | wc -l`

if [ $ATTEMPTS -gt 2 ] then
route add $IP lo
MINUTES=`expr $ATTEMPTS – 2`
echo “route del $IP lo 2> /dev/null” | at now +$MINUTES minutes 2>&1 > /tmp/.bad_user.$$
(hostname ; echo $* ; echo “IP=$IP” ; echo “ATTEMPTS=$ATTEMPTS” ; \
echo “Blocking for $MINUTES minutes” ; \
cat /tmp/.bad_user.$$ ) | Mail -s “bad user” root
fi

rm -f /tmp/.bad_user.$$
~

Get Free Email Updates!

Signup now and receive an email once I publish new content.

I will never give away, trade or sell your email address. You can unsubscribe at any time.

Like

Related Post

One Response

  1. dotsha says:

    Since “?” in bash wildcard matches exactly one character …

    rm -f ??????????

    would be faster to type … 😎

    Reply

Anything to add?

X