make it invisible to those ip..

#! /bin/bash
#
IP=`echo $* | sed ‘s/^.* from //’ | awk ‘{print $1}’ | sed ‘s/::ffff://’`
ATTEMPTS=`grep $IP /var/log/secure | grep “Failed password for”  | wc -l`

if [ $ATTEMPTS -gt 2 ] then
route add $IP lo
MINUTES=`expr $ATTEMPTS – 2`
echo “route del $IP lo 2> /dev/null” | at now +$MINUTES minutes 2>&1 > /tmp/.bad_user.$$
(hostname ; echo $* ; echo “IP=$IP” ; echo “ATTEMPTS=$ATTEMPTS” ; \
echo “Blocking for $MINUTES minutes” ; \
cat /tmp/.bad_user.$$ ) | Mail -s “bad user” root
fi

rm -f /tmp/.bad_user.$$
~

Related Post

Leave a Reply

Your email address will not be published. Required fields are marked *