Denyhosts – bash script

#!/bin/bash
# Author(s): Chris Trombley </code>

LIST=""
LIST=$(cat /var/log/auth.log | grep "authentication failure" | awk '{print$14}' | grep -v tty=ssh |sed -e 's/rhost=//g' -e 's/ /_/g' | uniq)
excludeList=( "10.10.6.1" "10.10.9.207" "static-xxx-xxx-xxx-xxx.isp.domain.net" )

function chkExcludeList()
{
for j in "${excludeList[@]}"; do
if [[ "$1" == $j ]]; then
return 10
fi
done
return 11
}

for i in $LIST; do
chkExcludeList "$i"
if [ $? != "10" ]; then
if [ "$(grep $i /etc/hosts.deny)" = "" ]; then
echo "ALL: $i : DENY" >> /etc/hosts.deny
fi
fi
done

Advertisements


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s