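#!/bin/sh
#
# Maintain an ipset ("JAIL") whose members are dropped on the SSH port:
#   1. create the set and the INPUT rule that references it (idempotent),
#   2. jail source addresses that produced more than THRESHOLD "Invalid"
#      entries in the SSH unit's journal (also recorded in INVALID_LOG),
#   3. jail every network in the FireHOL level1 blocklist,
#   4. jail Censys' published scanner ranges.
#
# Tunables (environment, all optional; defaults match the original behaviour):
#   SSH_PORT   TCP port the DROP rule matches            (default 22)
#   SSH_UNIT   systemd unit whose journal is scanned     (default "ssh")
#   THRESHOLD  "Invalid" entries above which an address is jailed (default 10)
#
# Needs root for ipset/iptables/journalctl. Written for POSIX sh (no arrays,
# no [[ ]]), so it runs under dash/ash as well as bash.
export PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
set -eu

SSH_PORT=${SSH_PORT:-22}
SSH_UNIT=${SSH_UNIT:-ssh}
THRESHOLD=${THRESHOLD:-10}
readonly SET_NAME=JAIL
readonly INVALID_LOG=/var/log/invalid-ssh.log
readonly BLOCKLIST_URL=https://raw.githubusercontent.com/ktsaou/blocklist-ipsets/master/firehol_level1.netset

# Print a diagnostic on stderr, prefixed with the script name.
warn() {
  printf '%s: %s\n' "${0##*/}" "$*" >&2
}

# Add one address or CIDR ($1) to the set. A rejected entry is reported
# rather than fatal, so one malformed line in a list does not stop the
# remaining entries (or the later steps) from being loaded.
jail_add() {
  ipset add "$SET_NAME" "$1" -exist || warn "could not add '$1' to $SET_NAME"
  # nft equivalent on fw4/nftables hosts:
  #   nft add element inet fw4 jail { $1 }
}

# Create the set and the INPUT rule that drops SSH traffic from its members.
# Both steps are idempotent: -exist on the set, -C (check) on the exact rule
# instead of grepping `iptables -S` for the word JAIL, which would also match
# unrelated rules that merely mention the set.
ensure_jail_rule() {
  ipset -N "$SET_NAME" hash:net maxelem 65536 -exist
  if iptables -t filter -C INPUT -p tcp --dport "$SSH_PORT" \
      -m set --match-set "$SET_NAME" src -j DROP 2>/dev/null; then
    printf '%s\n' "Rule already exists."
  else
    iptables -t filter -I INPUT -p tcp --dport "$SSH_PORT" \
      -m set --match-set "$SET_NAME" src -j DROP
    printf '%s\n' "Rule added."
  fi
}

# Extract IPv4 addresses from "Invalid" lines of the SSH journal, keep those
# seen more than THRESHOLD times, write them to INVALID_LOG and jail them.
jail_ssh_offenders() {
  # The final grep/awk stages exit non-zero when nothing matches; an empty
  # result is normal (no brute-force seen), so do not let set -e abort here.
  journalctl -u "$SSH_UNIT" \
    | grep Invalid \
    | grep -Eo '[0-9]{1,3}(\.[0-9]{1,3}){3}' \
    | sort \
    | uniq -c \
    | sort -n \
    | awk -v min="$THRESHOLD" '$1 > min + 0 { print $2 }' \
    > "$INVALID_LOG" || true
  while IFS= read -r addr; do
    [ -n "$addr" ] || continue
    jail_add "$addr"
  done < "$INVALID_LOG"
}

# Download the FireHOL level1 netset into a private temp file and jail every
# network listed in it. The download goes to mktemp, not the current
# directory, and is removed on any exit. A failed download is reported and
# the step skipped so the remaining steps still run.
#
# NOTE(review): firehol_level1 is described upstream as including bogon and
# private (RFC1918) ranges; if administrators reach this host's SSH port
# from such space, confirm that and place an ACCEPT for them ahead of the
# DROP rule before enabling this step.
jail_blocklist() {
  blocklist_tmp=$(mktemp) || { warn "mktemp failed; blocklist step skipped"; return 0; }
  trap 'rm -f -- "$blocklist_tmp"' EXIT INT TERM
  if wget -q -O "$blocklist_tmp" "$BLOCKLIST_URL"; then
    # Drop whole-line and trailing '#' comments and blank lines, then take
    # the first field of each remaining line.
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$blocklist_tmp" \
      | while read -r cidr _; do
          jail_add "$cidr"
        done
  else
    warn "download of $BLOCKLIST_URL failed; blocklist step skipped"
  fi
  rm -f -- "$blocklist_tmp"
}

# Jail Censys' published scanner ranges. Source:
# https://support.censys.io/hc/en-us/articles/360043177092-Opt-Out-of-Scanning
# nft equivalent:
#   nft add element inet fw4 jail { 162.142.125.0/24, 167.94.138.0/24, 167.94.145.0/24, 167.94.146.0/24, 167.248.133.0/24 }
jail_censys() {
  for cidr in 162.142.125.0/24 167.94.138.0/24 167.94.145.0/24 \
              167.94.146.0/24 167.248.133.0/24; do
    jail_add "$cidr"
  done
}

main() {
  ensure_jail_rule
  jail_ssh_offenders
  jail_blocklist
  jail_censys
  exit 0
}

main "$@"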