Created February 25, 2019 03:49
Crontab entry to check for bad actors attempting 100+ incorrect password attempts in a day from a given IP address and ban that IP address from trying to connect to the server
# Continuously check for bad actors and ban them!
0 */2 * * * zgrep "Failed password for root from" /var/log/auth.log | sed "s_.*Failed password for root from \([0-9][^ ]*\).*_\1_" | sort | uniq -c | sort -n | while read x ; do export IP=`echo $x | sed 's_^[ ]*[0-9]* \([0-9].*\)_\1_'`; export TEST=`echo $x | sed 's_^[ ]*\([0-9]*\) [0-9].*_\1_'`; test $TEST -gt 100 && (grep -qxF "ALL: $IP" /etc/hosts.deny || sudo bash -c "echo 'ALL: $IP' >> /etc/hosts.deny ") ; done
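
The same pipeline unrolled into small shell functions, so each stage can be run against a sample log before anything is written to /etc/hosts.deny. This is an added example, not the gist author's code: the function names, the threshold argument and the log lines are constructed for illustration, and it assumes only addresses made of digits and dots should be counted.

```shell
#!/bin/sh
# Added example (not from the gist): count, filter, then deny.

# Constructed sshd log lines using documentation-range addresses.
sample_log() {
cat <<'EOF'
Feb 25 03:10:01 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb 25 03:10:03 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Feb 25 03:10:05 host sshd[1003]: Failed password for root from 203.0.113.7 port 40003 ssh2
Feb 25 03:11:00 host sshd[1004]: Failed password for root from 198.51.100.9 port 51000 ssh2
Feb 25 03:11:09 host sshd[1005]: Failed password for invalid user admin from 198.51.100.9 port 51001 ssh2
Feb 25 03:12:00 host sshd[1006]: Accepted password for root from 192.0.2.10 port 52000 ssh2
EOF
}

# stdin: auth log lines; stdout: "<count> <ip>" per source address.
# Lines whose address field is not digits and dots are dropped, not passed through.
count_failed_root() {
    sed -n 's/.*Failed password for root from \([0-9][0-9.]*\) .*/\1/p' | sort | uniq -c
}

# $1 = threshold; prints addresses with MORE than $1 failures (same as -gt in the cron line).
offending_ips() {
    count_failed_root | while read -r count ip; do
        if [ "$count" -gt "$1" ]; then
            printf '%s\n' "$ip"
        fi
    done
}

# $1 = deny file; stdin: one address per line. Appends "ALL: <ip>" only if absent,
# so repeated cron runs do not duplicate entries.
deny_ips() {
    while read -r ip; do
        grep -qxF "ALL: $ip" "$1" 2>/dev/null || printf 'ALL: %s\n' "$ip" >> "$1"
    done
}

# Dry run against the sample: prints 203.0.113.7
sample_log | offending_ips 2
```

Against the real log, the equivalent of the cron entry would be `zgrep "" /var/log/auth.log | offending_ips 100 | deny_ips /etc/hosts.deny`, run with permission to write the deny file.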