From: Gary Leons (tastytastybeefgooglemail.com)
Date: Thu Mar 02 2006 - 09:43:24 CST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 3/2/06, GroundZero Security <fdg-0.org> wrote:
>
> After all it works. There are always more ways to do it, but if its -A1 or
> -1 really doesnt matter at all, its just you have to be pedantic over it i guess.
> Yep im not a bash guru maybe,but i really dont care much for optimization
> on a lame script like this as long as it WORKS and is not insecure.
                                                                      
           ^^^^^^^^^^^^^^^
HAH.

>
> If you really think it sucks sooo much that you cant take it, then before you reply to this mail now,
> go and optimize it and send your version to FD then you can be happy and feel superior :-)
>
> -sk

#!/bin/sh
for i in `lastb -ai | awk '{print $(NF)}' | sort | uniq -c | sort -n |
awk '{if ($1 >= 7) print $2}'`; do
    if ! grep -q "sshd: ${i}" /etc/hosts.deny; then
        printf "# %s\nsshd: %s\n" "`date`" "${i}" >> /etc/hosts.deny
    fi
done

5 lines, adds hosts with more than 7 failed logins to hosts.deny, run
it from cron.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]