How to create an automated firewall blocking (bash) script which will
1.Scan /var/log/secure?
2.Check for the IP addresses that "Failed" log in 3 times?
3.Check IP tables if it exists?
4. if not ,how to create a iptable rules to block those IP addresses?
Thanks in advance !
Bash script to block ssh attacks
-
- Posts: 10642
- Joined: 2005/08/05 15:19:54
- Location: Northern Illinois, USA
Re: Bash script to block ssh attacks
Check out fail2ban ( available at epel for some versions of CentOS ).
-
- Posts: 6
- Joined: 2015/04/28 15:02:38
- Location: Cyprus
- Contact:
Re: Bash script to block ssh attacks
There's also denyhosts, which runs as a service, monitors /var/log/secure and manipulates /etc/hosts.deny. It is also available from EPEL.