@wzyboy

wzyboy/denyip.sh Secret

Created Aug 6, 2012
Find and block IP addresses that failed to log in.
#!/bin/bash -
# Bio: I will block those IP addresses who failed to log in.
# Usage: Run me directly with root or add me to cron.
# Author: wzyboy
# Website: https://wzyboy.im/
# Version: 2012-08-09-r4
[[ $EUID -ne 0 ]] && echo "You are not root. Abort." && exit 1
# Work inside the log directory; stop if it cannot be entered.
cd /var/log/ || exit 1
echo "I am trying to find out who failed to login..."
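# Count how often each IPv4 address appears on lines containing 'Bye'
# in the current and rotated (possibly gzipped) auth logs, most frequent first.
zgrep 'Bye' auth.log* | grep -Po '\d+\.\d+\.\d+\.\d+' | sort | uniq -c | sort -nr > auth.log.wzy.sorted
count=$(wc -l < auth.log.wzy.sorted)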
cat << EOF
I've found $count bad guy(s)!
They are listed in /var/log/auth.log.wzy.sorted
Now I will block them in iptables.
EOF
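# Extract just the addresses (without the counts) into a temporary file.
tmp=$(mktemp /tmp/iptables.XXXXXX) || exit 1
grep -Po '\d+\.\d+\.\d+\.\d+' auth.log.wzy.sorted > "$tmp"
# Note: with no chain named, -F flushes every chain in the filter table,
# not only the rules added by earlier runs of this script.
iptables -F
# Insert one DROP rule per address.
while read -r i; do
    iptables -I INPUT -s "$i" -j DROP
done < "$tmp"
rm -f -- "$tmp"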
echo "Now saving the rules so they can be loaded automatically."
iptables-save > /etc/iptables.rules
cat << EOF
Done! They will never be able to bother $(hostname)!
You can also use this command to view my work:
sudo iptables -nL
Or just
sudo iptables -L
if you like resolved hostnames, but it will be slower.
Ciao!
EOF
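
A more conservative take on the same idea, as an added example that is not part of wzyboy's gist and goes beyond it: each address is validated, must reach a minimum hit count, is checked against an allowlist, and the rules are confined to a dedicated chain instead of flushing the filter table. `THRESHOLD`, `ALLOWLIST`, the `SSH_DENY` chain name and the sample log lines are assumptions made for this illustration.

```bash
# Added example, not wzyboy's code; the three settings below are hypothetical.
THRESHOLD=3                       # minimum "Bye" lines before an address is listed
ALLOWLIST="192.0.2.10 127.0.0.1"  # addresses that must never be blocked
CHAIN="SSH_DENY"                  # dedicated chain that holds only these rules

# Succeeds only for a dotted quad whose four octets are each 0-255.
valid_ipv4() {
    case $1 in *[!0-9.]*|*..*|.*|*.) return 1;; esac
    local o IFS=.
    set -- $1                     # split the argument on dots
    [ $# -eq 4 ] || return 1
    for o; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Reads auth.log lines on stdin; prints well-formed, non-allowlisted
# addresses that appear on at least THRESHOLD lines containing "Bye".
select_offenders() {
    local n ip
    grep 'Bye' | grep -Eo '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | sort | uniq -c |
    while read -r n ip; do
        [ "$n" -ge "$THRESHOLD" ] || continue
        valid_ipv4 "$ip" || continue
        case " $ALLOWLIST " in *" $ip "*) continue;; esac
        echo "$ip"
    done
}

# Reads addresses on stdin; prints (does not run) commands that rebuild
# only the dedicated chain and leave every other rule in place.
emit_rules() {
    local ip
    echo "iptables -N $CHAIN 2>/dev/null || iptables -F $CHAIN"
    echo "iptables -C INPUT -j $CHAIN 2>/dev/null || iptables -I INPUT -j $CHAIN"
    while read -r ip; do
        echo "iptables -A $CHAIN -s $ip -j DROP"
    done
}

# Constructed sample lines (documentation address ranges), not real log data.
sample_log() {
    local ip
    for ip in 203.0.113.5 203.0.113.5 203.0.113.5 198.51.100.7 \
              192.0.2.10 192.0.2.10 192.0.2.10 999.1.1.1 999.1.1.1 999.1.1.1; do
        echo "Aug  6 10:00:00 host sshd[1234]: Received disconnect from $ip: 11: Bye Bye"
    done
}
sample_log | select_offenders | emit_rules   # DROP rule for 203.0.113.5 only
```

The printed commands can be reviewed before being piped to a root shell; on real logs, feed `zcat -f /var/log/auth.log*` into `select_offenders` instead of `sample_log`.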